Trust, Security & Privacy
We take the security and privacy of your account and data seriously. This page summarizes the controls we have in place. It is maintained by our team and is not an independent certification.
Account security
- Passwords are stored using industry-standard one-way hashing.
- New and changed passwords are checked against lists of known breached passwords and rejected when found.
- Sessions use short-lived tokens with automatic refresh and can be revoked by signing out.
- Sign in with Google is available alongside email and password.
Data protection
- Data is transmitted over TLS and stored in a managed database with row-level access controls.
- Access to your records is scoped to your account; administrative access is limited and audited.
- Backups are managed by our infrastructure provider and retained on a rolling basis.
Privacy
- We collect only the information needed to provide and improve the service.
- We do not sell personal data.
- You may request export or deletion of your account data by contacting support.
Reporting a vulnerability
If you believe you have found a security issue, please contact our support team with details so we can investigate and respond. Please do not publicly disclose issues before we have had a chance to address them.
This page describes controls operated by us as the application owner. It is provided for transparency and is not a substitute for a formal third-party audit or certification.