Wax CacheWax Cache
  • Features
  • Product tour
  • Pricing
  • FAQ
  • Documentation
    Learn how to use Wax Cache
    Guides
    Card organization and workflow guides
    Support
    Get help from our team
    Alternatives
    Compare card collection apps
    Partner Program
    Apply to share Wax Cache
    Contact
    Reach out to us directly

Security

Last updated: July 2, 2026

Security Overview

We take security seriously and use reasonable safeguards designed to protect your account and collection data. No system is 100% secure, but we work to reduce risk and respond quickly when issues are found.

Data Encryption

In Transit

  • HTTPS/TLS: Data transmitted between your device and the Service is encrypted in transit.

At Rest

  • Provider safeguards: We rely on trusted infrastructure providers for storage and hosting controls.
  • Passwords: Authentication is handled by our auth provider; we do not store your password in plain text.

Authentication & Access Control

Account Security

  • Authentication: Sign-in is handled via our authentication provider (Supabase).
  • Sessions: We use session tokens to keep you signed in.

Access Control

  • Private by default: Your collection is only visible to you
  • Read-only sharing: Public links provide view-only access
  • Granular controls: You control what boxes are shared publicly and what is shown
  • Revocable access: Disable public links anytime

Infrastructure Security

Application Security

  • Input validation: We validate and normalize user input in key workflows such as imports, auth, public routes, marketplace actions, and server/API requests.
  • Database access: We use Supabase access controls, server-side checks, and structured query APIs designed to reduce injection and unauthorized-access risk.
  • Security headers: The app configures protections such as HTTPS/HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, and a Content Security Policy on app routes where supported.
  • Defense in depth: We use layered controls across our stack and providers

Monitoring & Incident Response

Incident Response

  • We investigate suspected security issues and work to mitigate them.
  • Where legally required, we will notify affected users of material security incidents.

Service Providers

Wax Cache uses third-party providers to operate the Service (for example: hosting, analytics, authentication, storage, and scanning services). We limit provider access to what is needed to run the Service.

Your Security Responsibilities

Security is a shared responsibility. You can help protect your account by:

  • Using a strong, unique password: Never reuse passwords across services
  • Keeping credentials private: Don't share your password with anyone
  • Logging out on shared devices: Always log out when using public computers
  • Reviewing shared links: Be mindful of what you make publicly accessible
  • Exporting backups: Regularly export your collection as CSV when your plan includes exports
  • Reporting suspicious activity: Contact us immediately if you notice anything unusual

Vulnerability Disclosure

We welcome responsible disclosures.

  • Report: Email support@waxcache.com with details and steps to reproduce
  • Coordinated disclosure: Please give us reasonable time to investigate and fix issues before public disclosure

Reporting Guidelines

  • Provide detailed steps to reproduce the vulnerability
  • Allow us reasonable time to fix the issue
  • Don't exploit the vulnerability beyond proof-of-concept
  • Don't access or modify other users' data

Security Updates

We work to improve our security posture over time:

  • Dependency maintenance: We monitor and update third-party libraries as part of normal development.
  • Change review: We review security-sensitive changes and test critical workflows before release.

Questions About Security?

Questions about security? Contact us at:

Email: support@waxcache.com

© 2026 Wax Cache and Ark AI LLC. All rights reserved.