Security & Privacy

We take your privacy seriously. Here's how we protect your information and keep your data safe.

What This Means for You

Your Profiles are Password Protected

Every profile you create can be secured with a password. Passwords are stored only as salted bcrypt hashes, never in plain text, so even we can't see them.

Control Who Sees What

Create temporary share links that expire when you want them to. Share your profile without giving up control.

No Tracking or Selling

We don't track you across the web, show you ads, or sell your data. Your information stays yours.

Protected Against Abuse

We actively monitor for suspicious activity and have systems in place to prevent spam, bots, and unauthorized access attempts.

Secure Connections Only

All data sent between your device and our servers is encrypted with HTTPS. Nobody can intercept your information in transit.

Technical Security Measures

For developers and technically-minded users, here's what's under the hood:

Password Security

  • bcrypt hashing with salt rounds
  • Never stored in plain text
  • Strength requirements enforced

Session Management

  • Secure, httpOnly session cookies
  • CSRF token protection
  • Auto-expiring sessions

Rate Limiting

  • Sliding window algorithm
  • Per-endpoint configurations
  • Automatic IP blocking

Input Validation

  • Schema-based validation (Zod)
  • XSS prevention & sanitization
  • Type-safe data handling

Security Headers

  • HSTS enforced
  • XSS & clickjacking protection
  • Content Security Policy

Infrastructure

  • PostgreSQL with row-level security
  • Redis for session storage
  • Vercel edge network

OWASP Top 10 Compliance

We follow industry best practices and actively protect against the OWASP Top 10 vulnerabilities, including injection attacks, broken authentication, XSS, CSRF, and more.

Our Data Practices

What We Collect

  • Your questionnaire responses (only what you choose to share)
  • Anonymous usage statistics for performance monitoring
  • IP addresses for security and rate limiting (not linked to profiles)

What We Don't Collect

  • Personal identification documents
  • Browsing history or cross-site tracking
  • Email addresses (unless you contact us)
  • Financial information

Your Rights

  • Delete your profile anytime—it's gone immediately
  • Export your data in JSON format
  • No account required means no data retention after deletion

Questions or Concerns?

Security is an ongoing commitment. If you have questions about our security practices or want to report a vulnerability, we're here to listen.


Security measures last updated: October 2025
