Security

Encryption & Transport

All traffic is encrypted in transit via HTTPS/TLS. Sensitive credentials are never sent or stored in plain text.

Account Protection

• CSRF protection and secure session handling.
• Rate-limiting and basic anomaly detection on auth endpoints.
• Optional 2FA planned for Pro accounts.

Data Practices

Production access is limited and audited. Backups are encrypted at rest. Journal content is end-to-end encrypted on Premium/Pro (per feature docs).

Responsible Disclosure

If you believe you’ve found a security issue, please contact us with steps to reproduce. Do not publicly disclose before we’ve had a reasonable chance to investigate.

Status & Uptime

See live service health at /status (when available).