Your security is our priority
We take security seriously. Here is what we have implemented to protect your data and what is on our roadmap.
What We Have Built
These security features are live and protecting your account today.
Secure Authentication
JWT-based authentication with access and refresh tokens. Your sessions are securely managed with automatic token refresh.
OAuth 2.0 with PKCE
Sign in with Google or Microsoft using OAuth 2.0 with PKCE (Proof Key for Code Exchange), which protects the authorization code against interception attacks.
Magic Link Authentication
Passwordless login option via secure email links. No password to remember or steal.
HTTPS Everywhere
All communications between your browser and our servers are encrypted using HTTPS/TLS.
Secure Password Reset
Token-based password reset flow with expiring links to ensure only you can reset your password.
XSS Protection
Built-in protection against cross-site scripting attacks with content sanitization.
Current Security Practices
How we protect your data every day.
- All API endpoints secured with HTTPS
- CSRF protection on OAuth flows
- Automatic session invalidation on logout
- Secure token storage practices
- Input validation and sanitization
- Regular security updates and patches
Coming Soon
We are actively working on these security enhancements.
Multi-Factor Authentication (MFA)
Add an extra layer of security with authenticator apps or SMS verification.
SSO/SAML Integration
Enterprise single sign-on support for seamless team authentication.
Hardware Security Keys
Support for FIDO2/WebAuthn hardware keys like YubiKey.
End-to-End Encryption
Zero-knowledge architecture where only you can read your emails.
Audit Logging
Comprehensive logs of all account activity for security monitoring.
SOC 2 Type II Certification
Independent audit of our security controls and practices.
Questions or concerns?
Our team is here to help. Reach out for security questions or to report a vulnerability.