Security & Trust Commitment

How we protect your account

• Encrypted connections. All traffic to and from our site is protected with HTTPS/TLS encryption.
• Strong password hygiene. We block known-compromised passwords at signup using industry breach databases.
• Login protection. Sign-in attempts are rate-limited to deter brute-force and credential-stuffing attacks.
• Edge protections. Our platform sits behind a global edge network providing DDoS mitigation and a web application firewall.
• Hardened browser policies. Strict Content-Security-Policy, HSTS, and other security headers reduce the risk of injection and downgrade attacks.

How we handle your data

• No payment data. We don't process or store credit card or banking information.
• We don't sell personal data. Your personal information stays private and is only used to run and improve the service. (See our Privacy Policy for our use of aggregated, de-identified trend data.)
• Row-level access controls. Your saved items are isolated to your account at the database level — other users and our public APIs cannot read them.
• Limited internal access. Sensitive tables are restricted to authorized service roles only.
• Automatic cleanup. Operational logs (rate limits, delivery records) are pruned on a regular schedule.

If something goes wrong

we have processes in place to investigate, contain, and notify affected users in the event of a security incident, in line with applicable laws.