Trust Center
This page is maintained by Parts Match Inc. to answer common security and privacy questions about Parts Match.
The information below describes the platform capabilities and practices we use today. It is not an independent security certification, audit report, or legal guarantee. Security on Parts Match is a shared responsibility: we secure the platform, our service providers secure the infrastructure they provide, and every user is responsible for keeping their account credentials safe.
Overview
Platform & hosting
Parts Match runs on Lovable Cloud, a managed backend service that provides authentication, database, and storage infrastructure. Our application is hosted on Railway, which supplies the compute and network layer.
- All application traffic is served over HTTPS using TLS.
- Database connections are encrypted and access is restricted to the application.
- You can review Railway’s security posture and trust documentation at trust.railway.com.
Payments
Payments on Parts Match are processed by Stripe. We do not store full card numbers or bank credentials on Parts Match servers; Stripe handles card data, identity verification, and payout routing under its own security and compliance programs.
- Stripe’s infrastructure is certified to PCI DSS standards. You can read more in Stripe’s security documentation at docs.stripe.com/security.
- Funds from sales are held until delivery confirmation, reducing risk for both buyers and sellers.
- Sellers connect a bank account for payouts; account details are handled by Stripe.
Identity & access
- Every buyer and seller must complete identity verification before they can transact.
- Authentication is handled through Lovable Cloud’s managed auth service, including password-based login and optional social providers.
- We encourage users to enable two-factor authentication when available and to use a strong, unique password.
- Access to internal admin tools is limited to authorized Parts Match staff and protected by the same authentication stack.
Data protection
- Data is encrypted in transit with TLS and at rest by our cloud providers.
- We collect only the information needed to run the marketplace, verify identity, process orders, and provide support.
- We do not sell personal information. See our Privacy Policy for details on what we collect and how we use it.
- We retain records for as long as necessary to operate the service and meet legal, tax, and fraud-prevention obligations.
Subprocessors & integrations
Parts Match relies on a small set of service providers to operate the marketplace:
- Lovable Cloud — authentication, database, and storage.
- Railway — application hosting and compute.
- Stripe — payments, identity verification, and payouts.
- ShipStation & supported carriers — shipping labels and tracking.
Each provider is responsible for the security of the services it delivers. We choose providers with published security programs and review their policies before integrating.
Reporting a security issue
If you discover a security vulnerability or suspicious activity on Parts Match, please report it to us right away. We review all reports and work with researchers and users to address valid issues responsibly.
Email: security@parts-match.com
Please include enough detail for us to reproduce the issue, and allow reasonable time for us to investigate before disclosing it publicly.
Questions & contact
For general privacy questions, account issues, or support requests, contact support@parts-match.com.
For terms of use, see our Terms of Service.