Security
How we protect your data and the product itself.
Last updated January 1, 2026
This is a placeholder security page for App. Replace it with your own posture before going to production. The sections below are a common starting point for the questions teams ask during a vendor or risk review.
Reporting a vulnerability
If you believe you've found a security issue, email security@example.com. Machine-readable contact details are published at /.well-known/security.txt. Please give us a reasonable window to respond before any public disclosure.
Infrastructure
Describe where the app runs and who your infrastructure providers are (this template deploys to Cloudflare Workers, D1, and related services), and note any relevant certifications those providers hold.
Data protection
Explain how data is encrypted in transit and at rest, how secrets are managed, and how access to production data is controlled.
Secure development
Describe your CI/CD safeguards — automated lint, type-check, and dependency scanning (Dependabot) — and your staging-before-production workflow.
Subprocessors
List the third parties that may process customer data (e.g. error monitoring and analytics) and link to their own policies.