Security Overview

Keeping your data safe and secure is a top priority for me. Not only is it the right thing to do, but I view it as critical to earning and keeping your trust. I make every effort to follow OWASP and industry standard best practices.

If you have specific questions that aren't addressed below, please contact


Data is transmitted using HTTPS. It is encrypted in transit using modern versions of TLS. Deprecated versions of TLS and SSL are not supported. External TLS validation services have been used to check TLS configuration correctness (receiving A+ and Excellent ratings). TLS certificates are provided by Let's Encrypt.

HSTS is used to require HTTPS connections. This website has been added to the HSTS preload list to protect your initial connection.

Backups are encrypted using age. The database is not encrypted at rest but physical access is restricted.

Passwords are hashed and salted using BCrypt with a cost factor of 10. Session tokens are only stored in hashed form.

Data Location uses a dedicated server in the Northeastern United States. Encrypted backups are stored in the United States using Google Cloud Storage. Emails are sent using Amazon Web Services US East (N. Virginia) region.

Software Updates

The operating system and software infrastructure are regularly updated with the latest security patches. Updates are installed automatically when possible. I subscribe to relevant mailing lists to receive security alerts and bulletins. I strongly prefer to use open source software that is well tested and actively maintained.

Data Deletion

Most data is deleted from the database immediately. Some sections of the site have a soft delete feature that allows you to undo accidental deletions. Soft deleted data is permanently deleted from the database after 30 days. When possible, there is functionality to immediately remove soft deleted data from the database.

Backups are created daily and deleted after 30 days. Therefore, it may take 60 days for soft deleted data to be deleted from both the database and backups.

If you have specific deletion requests that are unsupported, please contact

Law Enforcement

Your data will not be shared with law enforcement unless a court order requires it. You will be informed of any such request unless I am legally prevented from doing so.

Need to report an incident or vulnerability?

If you have noticed abuse, misuse, exploits, or vulnerabilities with your account or this website, please report it immediately to

I do not currently offer a bug bounty program but I am happy to credit you publicly if you wish.