Security
Your conference data, protected
We build with recognized secure-development practices and are direct about what we do and do not claim. The controls below reflect how the platform works today. For the full picture, visit our Trust Center.
Data protection
- TLS protects traffic in transit, and production responses set HSTS with a one-year max age.
- PostgreSQL is managed and schema-migrated with Alembic; uploads live in S3-compatible object storage and are served only to authorized users.
- The platform does not add account email addresses to AI prompts; user-supplied paper or prompt content may still contain identifiers.
- Secrets are stored server-side only and are never exposed to the browser.
Application security
- A Content-Security-Policy plus X-Frame-Options: DENY and X-Content-Type-Options: nosniff harden the browser surface.
- Output is escaped to prevent stored XSS, including inside JSON-LD structured data.
- SSRF protection blocks outbound webhooks to internal and link-local address ranges.
- Every organizer role is enforced server-side, and data is scoped per conference so one organizer cannot reach another organizer's records.
Authentication and access
- Authentication uses JWTs stored in httpOnly cookies, keeping tokens out of JavaScript's reach.
- Passwords are hashed with bcrypt.
- Per-IP rate limiting and per-account lockout slow down brute-force attempts.
- Login and registration responses are non-enumerating, so they do not reveal whether an account exists.
Payments
- Card data is handled through Stripe-hosted payment flows where registration payments are enabled; the application does not store card numbers.
- Payments run through Stripe-hosted checkout; prices are set server-side.
- The platform is currently in Stripe test mode pre-launch, so no live charges are processed yet.
AI and privacy
- AI assistance (Google Gemini / Google AI) is advisory and human-in-the-loop. It does not make final paper decisions or send author decisions without an organizer action.
- We minimize platform-added context sent to AI providers and do not add account email addresses. Organizers remain responsible for identifiers present in user-supplied content.
- Analytics are first-party with no third-party advertising trackers, and cookie and analytics consent surfaces are provided.
Monitoring and response
- Sensitive actions are recorded in an audit log for accountability and investigation.
- Application errors can be sent to Sentry when the production DSN is configured; signed synthetic-monitor evidence is tracked separately.
- Security reports are welcome through our responsible disclosure process.
Compliance status
An honest note on certifications. Our security program is informed by recognized SaaS security practices, and formal certifications may be pursued as the platform matures. We are not currently SOC 2 or ISO 27001 certified, and we will not claim otherwise.
Privacy controls include data minimization, self-service data export (GET /users/me/export), terminal account deletion that revokes authentication and scrubs personal identifiers, and consent-backed first-party analytics. These controls are not presented as a regulatory certification.
Payment card handling is delegated to Stripe-hosted checkout where enabled; we never store card numbers. If your organization has specific compliance requirements, contact us and we will walk you through our current posture.