
Security

Security at Privacy Gecko

We take security seriously. Learn about our practices, report vulnerabilities, and help us keep everyone safe.

Our Approach

How We Protect You

Security and privacy are at the core of everything we build

Encryption

All data transmitted to and from our services uses industry-standard TLS 1.3 encryption.

Security Headers

We set security headers on our responses, including Content-Security-Policy (CSP) to limit where scripts may load from and so blunt cross-site scripting, Strict-Transport-Security (HSTS) so browsers refuse plaintext HTTP and downgrade attacks, and X-Frame-Options to stop our pages being framed for clickjacking.
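The following is an added example, not Privacy Gecko's own code or configuration: a small audit that takes a response's headers and reports whether CSP, HSTS and X-Frame-Options are present and set strongly enough to give the protection described above. The thresholds (a one-year HSTS max-age, no 'unsafe-inline' script source without a nonce or hash, a frame-ancestors directive alongside X-Frame-Options) and the two sample header sets are this example's own choices; the sample values are constructed and not captured from any real site.

```python
"""Audit the three response headers the page names: HSTS, CSP and
X-Frame-Options.  Added example, not Privacy Gecko code: the thresholds
and the sample header sets below are this example's own choices."""
import re

ONE_YEAR = 31536000  # seconds; the common minimum for an HSTS policy


def parse_csp(csp):
    """Split a CSP header value into {directive-name: [source tokens]}.
    Directives are ';'-separated; the first token of each is the name."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def check_security_headers(headers):
    """Return a list of weaknesses found in a dict of response headers.
    An empty list means the three headers are present and reasonably set."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    # HSTS: tells browsers to refuse plaintext HTTP for this host, which
    # blocks SSL-stripping downgrades on later visits.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        max_age = int(m.group(1)) if m else 0
        if max_age < ONE_YEAR:
            findings.append(f"HSTS max-age too short: {max_age}s (want >= {ONE_YEAR})")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    # CSP: limits where scripts may load from, the main browser-side
    # mitigation for XSS.  Checks use script-src, falling back to default-src.
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP missing")
    else:
        d = parse_csp(csp)
        src = d.get("script-src", d.get("default-src"))
        if src is None:
            findings.append("CSP has neither script-src nor default-src")
        else:
            # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
            has_nonce_or_hash = any(
                t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for t in src
            )
            if "'unsafe-inline'" in src and not has_nonce_or_hash:
                findings.append("CSP allows inline scripts ('unsafe-inline' with no nonce or hash)")
            if "*" in src or "'unsafe-eval'" in src:
                findings.append("CSP script sources include '*' or 'unsafe-eval'")
        if "frame-ancestors" not in d:
            findings.append("CSP lacks frame-ancestors (X-Frame-Options is only the legacy fallback)")

    # X-Frame-Options: legacy anti-clickjacking header; only DENY and
    # SAMEORIGIN are honoured by current browsers, ALLOW-FROM is obsolete.
    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options missing")
    elif xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options value not honoured by browsers: {xfo!r}")

    return findings


# Constructed sample header sets (not captured from any real site).
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline' *",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    # 'nonce-r4nd0m' is a placeholder; a real nonce must be fresh per response.
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
        "object-src 'none'; frame-ancestors 'none'; base-uri 'self'"
    ),
    "X-Frame-Options": "DENY",
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"{name}: {check_security_headers(hdrs) or ['no findings']}")
```

Run against the weak set the audit reports six problems (short HSTS lifetime, no includeSubDomains, inline scripts allowed, wildcard script source, no frame-ancestors, an X-Frame-Options value browsers ignore); the hardened set passes cleanly. To audit a live response, feed it the header dict from whatever HTTP client you use in place of the constructed samples.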

Privacy by Design

We collect minimal data and never sell it or share it with third parties beyond the service providers listed under Data Protection below. No tracking, no ads, no data selling.

Regular Audits

Our codebase undergoes regular security reviews. Product code will be audited before the Q4 2025 release.

Responsible Disclosure

We appreciate the security research community and believe in responsible disclosure. If you discover a security vulnerability in our systems, please report it to us following these guidelines:

How to Report

  1. Email: Send a detailed report to security@privacygecko.com
  2. Encryption: You can encrypt your message using our PGP key (coming soon)
  3. Details: Include steps to reproduce, potential impact, and any proof-of-concept code
  4. Timeline: We aim to acknowledge reports within 48 hours and provide updates weekly

What to Expect

  • Acknowledgment of your report within 48 hours
  • Regular updates on our progress addressing the issue
  • Credit for your discovery (if desired) after the issue is resolved
  • No legal action for good-faith security research

Out of Scope

  • Social engineering or phishing attacks
  • Denial of Service (DoS) attacks
  • Physical security issues
  • Issues in third-party services not under our control

Data Protection

How We Handle Your Data

Minimal Data Collection

We collect only the essential data needed to provide our services. No tracking cookies, no analytics beyond privacy-friendly Plausible, no third-party marketing tools.

Data Storage

User data is encrypted at rest and in transit. We use industry-standard practices for secure data storage and never store sensitive information unnecessarily.

Third-Party Services

We carefully vet all third-party services. Currently, we only use:

  • Plausible Analytics (privacy-friendly, GDPR-compliant, no cookies)
  • Vercel (hosting infrastructure with strong security practices)
  • Stripe (payment processing with PCI DSS Level 1 compliance)

Your Rights

You have the right to access, correct, or delete your data at any time. Contact us at privacy@privacygecko.com for data requests.

Roadmap

Security Milestones

Q1 2025 - Website Launch

Open-sourced website code, implemented security headers, GDPR-compliant cookie consent


Q4 2025 - Product Launches

Comprehensive security audit before product releases, open-source product code, penetration testing completion


2026 - Ongoing Security

Annual security audits, bug bounty program launch, SOC 2 Type II certification pursuit

Security Acknowledgments

We would like to thank the following researchers for responsibly disclosing security vulnerabilities and helping us improve Privacy Gecko:

No vulnerabilities have been reported yet. Be the first to help us make Privacy Gecko more secure!

Questions About Security?

We're here to help. Contact our security team or learn more about our privacy practices.
