Security

Last updated: January 2026

Security Overview

We take security seriously and use reasonable safeguards designed to protect your account and collection data. No system is 100% secure, but we work to reduce risk and respond quickly when issues are found.

Data Encryption

In Transit

  • HTTPS/TLS: Data transmitted between your device and the Service is encrypted in transit.

At Rest

  • Provider safeguards: We rely on trusted infrastructure providers for storage and hosting controls.
  • Passwords: Authentication is handled by our auth provider; we do not store your password in plain text.

Authentication & Access Control

Account Security

  • Authentication: Sign-in is handled via our authentication provider (Supabase).
  • Sessions: We use session tokens to keep you signed in.

Access Control

  • Private by default: Your collection is only visible to you
  • Read-only sharing: Public links provide view-only access
  • Granular controls: You control what boxes are shared publicly and what is shown
  • Revocable access: Disable public links anytime

Infrastructure Security

Application Security

  • Input validation: All user input is sanitized and validated
  • SQL injection prevention: Parameterized queries throughout
  • Defense in depth: We use layered controls across our stack and providers

Monitoring & Incident Response

Incident Response

  • We investigate suspected security issues and work to mitigate them.
  • Where legally required, we will notify affected users of material security incidents.

Service Providers

Wax Cache uses third-party providers to operate the Service (for example: hosting, analytics, authentication, storage, and scanning services). We limit provider access to what is needed to run the Service.

Your Security Responsibilities

Security is a shared responsibility. You can help protect your account by:

  • Using a strong, unique password: Never reuse passwords across services
  • Keeping credentials private: Don't share your password with anyone
  • Logging out on shared devices: Always log out when using public computers
  • Reviewing shared links: Be mindful of what you make publicly accessible
  • Exporting backups: Regularly export your collection as CSV
  • Reporting suspicious activity: Contact us immediately if you notice anything unusual

Vulnerability Disclosure

We welcome responsible disclosures.

  • Report: Email support@waxcache.com with details and steps to reproduce
  • Coordinated disclosure: Please give us reasonable time to investigate and fix issues before public disclosure

Reporting Guidelines

  • Provide detailed steps to reproduce the vulnerability
  • Allow us reasonable time to fix the issue
  • Don't exploit the vulnerability beyond proof-of-concept
  • Don't access or modify other users' data

Security Updates

We continuously improve our security posture:

  • Dependency updates: Regular patching of third-party libraries
  • Code reviews: Changes are reviewed before deployment

Questions About Security?

Questions about security? Contact us at:

Email: support@waxcache.com

© 2026 Wax Cache and Ark AI LLC. All rights reserved.