Our Commitment to Security
Your stories and personal information deserve protection. We implement multiple layers of security to keep your data safe.
1. Account Security
1.1 Password Protection
- Strong hashing — Passwords are hashed using bcrypt, a one-way algorithm
- Password requirements — Minimum 8 characters with complexity requirements
- Secure reset — Password reset via time-limited, single-use tokens
1.2 Session Management
- Secure sessions — Session tokens are cryptographically random
- Automatic expiration — Sessions expire after periods of inactivity
- Single logout — Sign out terminates your session immediately
2. Data Protection
2.1 Encryption
- In transit — All connections use HTTPS/TLS encryption
- At rest — Sensitive data is encrypted in our database
2.2 Access Controls
- Authentication required — Story data is only accessible when logged in
- User isolation — You can only access your own stories and data
- Admin restrictions — Administrative access is limited and audited
3. Infrastructure
3.1 Hosting
- Secure servers — Hosted on hardened Linux servers
- Regular updates — Security patches applied promptly
- Firewall protection — Network-level security controls
3.2 Backups
- Regular backups — Data is backed up regularly
- Encrypted storage — Backups are encrypted
4. Application Security
- Input validation — All user input is validated and sanitized
- SQL injection prevention — Parameterized queries throughout
- XSS protection — Output encoding prevents script injection
- CSRF protection — Forms protected against cross-site request forgery
5. Your Role in Security
Help us keep your account secure:
- Use a strong password — Unique to Lifspel, not reused elsewhere
- Keep credentials private — Never share your password
- Log out on shared devices — Don't stay logged in on public computers
- Report suspicious activity — Let us know if something seems wrong
6. Reporting Security Issues
If you discover a security vulnerability, please report it responsibly:
- Contact us with details of the issue
- Give us reasonable time to address the issue before disclosure
- Do not access or modify other users' data
We appreciate security researchers who help us keep Lifspel safe.
7. Questions
Questions about security? Contact us.