Platform Controls
- Argon2 password hashing for account credentials.
- Session cookies set with the Secure, HttpOnly, and SameSite attributes.
- Request rate limiting and API key validation.
- Security headers for browser hardening.
User Recommendations
- Keep API keys secret and rotate them regularly.
- Use strong, unique account passwords.
- Handle server errors and auth failures explicitly in client apps.
Report Security Issues
Send vulnerability reports to [email protected] with reproducible details.