Security Overview
We take security seriously and use reasonable safeguards designed to protect your account and collection data. No system is 100% secure, but we work to reduce risk and respond quickly when issues are found.
Data Encryption
In Transit
- HTTPS/TLS: Data transmitted between your device and the Service is encrypted in transit.
At Rest
- Provider safeguards: We rely on trusted infrastructure providers for storage and hosting controls.
- Passwords: Authentication is handled by our auth provider; we do not store your password in plain text.
Authentication & Access Control
Account Security
- Authentication: Sign-in is handled via our authentication provider (Supabase).
- Sessions: We use session tokens to keep you signed in.
Access Control
- Private by default: Your collection is only visible to you
- Read-only sharing: Public links provide view-only access
- Granular controls: You control which boxes are shared publicly and what is shown
- Revocable access: Disable public links anytime
Infrastructure Security
Application Security
- Input validation: All user input is sanitized and validated
- SQL injection prevention: Parameterized queries throughout
- Defense in depth: We use layered controls across our stack and providers
Monitoring & Incident Response
Incident Response
- We investigate suspected security issues and work to mitigate them.
- Where legally required, we will notify affected users of material security incidents.
Service Providers
Wax Cache uses third-party providers to operate the Service (for example: hosting, analytics, authentication, storage, and scanning services). We limit provider access to what is needed to run the Service.
Your Security Responsibilities
Security is a shared responsibility. You can help protect your account by:
- Using a strong, unique password: Never reuse passwords across services
- Keeping credentials private: Don't share your password with anyone
- Logging out on shared devices: Always log out when using public computers
- Reviewing shared links: Be mindful of what you make publicly accessible
- Exporting backups: Regularly export your collection as CSV
- Reporting suspicious activity: Contact us immediately if you notice anything unusual
Vulnerability Disclosure
We welcome responsible disclosures.
- Report: Email support@waxcache.com with details and steps to reproduce
- Coordinated disclosure: Please give us reasonable time to investigate and fix issues before public disclosure
Reporting Guidelines
- Provide detailed steps to reproduce the vulnerability
- Allow us reasonable time to fix the issue
- Don't exploit the vulnerability beyond proof-of-concept
- Don't access or modify other users' data
Security Updates
We continuously improve our security posture:
- Dependency updates: Regular patching of third-party libraries
- Code reviews: Changes are reviewed before deployment
Questions About Security?
Contact us at:
Email: support@waxcache.com