Security Policy
Our Security Model
We take the security of your data seriously. Our application operates on a "Responsible Server-Trust Model." Here's what that means for you:
- Encryption in Transit: All data transferred between your device and our servers is encrypted using industry-standard TLS (HTTPS).
- Encryption at Rest: Your data is stored in our database, which uses encryption at rest. This protects your data if server hardware is physically stolen.
- Row-Level Security: We use robust database policies to ensure that you can only ever access your own data. An account breach for one user will not expose the data of other users.
Your Responsibilities
Your account's security is a shared responsibility. We recommend you:
- Use a strong, unique password for your account.
- Use a trusted password manager to store your credentials.
- Be cautious about phishing attempts and never share your password.
Our Commitment to Future Security: End-to-End Encryption
We believe the gold standard for user privacy is End-to-End Encryption (E2EE), where not even we can access your data. Implementing E2EE for a complex, real-time application is a significant engineering challenge that requires substantial resources to get right. It is our long-term goal to offer E2EE as an option for our users. Our commitment is to build a sustainable product first, which will enable us to fund the development of these advanced security features in the future.
Reporting Vulnerabilities
If you believe you have found a security vulnerability in our application, please contact us immediately at security@sbstd.app. We appreciate your help in keeping our community safe.