Security at Geogrid.

We take the security of your data seriously. Here's how we protect your account and information.

Authentication

  • Passwords hashed with bcrypt (industry-standard)
  • OAuth 2.0 via Google and GitHub
  • Session tokens with automatic expiration
  • Rate-limited login attempts to prevent brute force

Infrastructure

  • Hosted on Hetzner with automatic SSL/TLS encryption
  • Database powered by Supabase with Row Level Security (RLS)
  • All data encrypted in transit (HTTPS) and at rest (AES-256)
  • Automatic backups with point-in-time recovery

Data Protection

  • GDPR compliant — full data access, portability, and deletion rights
  • No sale of personal data to third parties
  • Minimal data collection — we only store what's necessary
  • Payment data handled exclusively by PCI-DSS compliant processors

Application Security

  • Input validation and sanitization on all endpoints
  • Protection against OWASP Top 10 vulnerabilities
  • IP-based abuse detection to prevent multi-account fraud
  • Regular dependency audits and security patches

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to [email protected]. We ask that you give us reasonable time to address the issue before making it public. We appreciate your help keeping Geogrid safe for everyone.