Security
We take reasonable measures to protect your data and keep SortSites reliable. This page explains our approach and how to report an issue.
At a glance
- Encrypted in transit: HTTPS/TLS for web traffic.
- Authentication: secure sign-in via trusted identity providers.
- Payments: handled by Stripe; we don’t store card details.
- Access control: least-privilege access to data and systems.
What we store
- Account identifier (like email) and basic profile info (if provided).
- Your saved content: bookmarks, titles, tags, notes, collections.
- Subscription status and plan metadata (not card numbers).
What we don’t store: passwords (when using OAuth), full card details, or sensitive payment credentials.
Operational security
Monitoring & reliability
We monitor for service errors and unusual behavior to keep SortSites stable and protect users from abuse.
Updates
We regularly patch dependencies and improve safeguards as the product evolves.
Backups & recovery
We use standard recovery practices to reduce downtime and data loss risk.
Your security checklist
- Enable 2-step verification on your Google account.
- Use a device lock (PIN/biometrics) on shared devices.
- Sign out on public computers.
- Report anything suspicious.
Report a vulnerability
If you believe you found a security issue, email us at [email protected].
- Include steps to reproduce, affected URLs, and expected vs actual behavior.
- Attach screenshots or screen recordings if helpful.
- Do not access other users’ data or perform disruptive testing (e.g., DDoS).
We’ll acknowledge reports and work to fix valid issues as quickly as we can.
Security disclosures
If we detect a significant security incident impacting user data, we will take steps to contain it, investigate, and notify affected users where appropriate.