Keeping your data secure is my biggest priority. While any application that sends and receives data over a network is probably never 100% bullet-proof, I do everything I can to hew as close to the ideal as is possible.
Beyond passwords, user data is currently not encrypted at rest—this enables full-text search, which is an essential feature of a service like this one. If at some point I can encrypt all user data without drastically impacting the overall experience of using the site, I will do so happily, and with haste.
Do note that despite my extensive efforts to keep your information hidden from prying eyes, you use the service at your own risk. To reiterate, data of an especially sensitive nature is probably best not stored anywhere on the Internet.
Security Measures in Place
- Passwords are hashed and salted using the
- The entire service uses TLS-encrypted transfers. Unencrypted HTTP transfers are entirely disabled.
- Long-duration HSTS is enabled.
- The SSL certificate is renewed roughly every 60 days.
Questions or concerns?
Please address any questions or concerns about security to me directly. If you believe you have encountered a security issue, please contact me privately rather than reporting it on a public forum. I will do my best to address any and all inquiries as soon as I possibly can.