Security

Security at Privacy Gecko

We take security seriously. Learn about our practices, report vulnerabilities, and help us keep everyone safe.

Our Approach

How We Protect You

Security and privacy are at the core of everything we build

Encryption

All data transmitted to and from our services uses industry-standard TLS 1.3 encryption.

Security Headers

We implement comprehensive security headers including CSP, HSTS, and X-Frame-Options to protect against common attacks.

Privacy by Design

We collect minimal data and never share it with third parties. No tracking, no ads, no data selling.

Regular Audits

Our codebase undergoes regular security reviews. Product code will be audited before Q4 2025 release.

Responsible Disclosure

We appreciate the security research community and believe in responsible disclosure. If you discover a security vulnerability in our systems, please report it to us following these guidelines:

How to Report

Email: Send a detailed report to security@privacygecko.com
Encryption: You can encrypt your message using our PGP key (coming soon)
Details: Include steps to reproduce, potential impact, and any proof-of-concept code
Timeline: We aim to acknowledge reports within 48 hours and provide updates weekly

What to Expect

Acknowledgment of your report within 48 hours
Regular updates on our progress addressing the issue
Credit for your discovery (if desired) after the issue is resolved
No legal action for good-faith security research

Out of Scope

Social engineering or phishing attacks
Denial of Service (DoS) attacks
Physical security issues
Issues in third-party services not under our control

Report a Vulnerability View Source Code

Data Protection

How We Handle Your Data

Minimal Data Collection

We collect only the essential data needed to provide our services. No tracking cookies, no analytics beyond privacy-friendly Plausible, no third-party marketing tools.

Data Storage

User data is encrypted at rest and in transit. We use industry-standard practices for secure data storage and never store sensitive information unnecessarily.

Third-Party Services

We carefully vet all third-party services. Currently, we only use:

Plausible Analytics (privacy-friendly, GDPR-compliant, no cookies)
Vercel (hosting infrastructure with strong security practices)
Stripe (payment processing with PCI DSS Level 1 compliance)

Your Rights

You have the right to access, correct, or delete your data at any time. Contact us at privacy@privacygecko.com for data requests.

Roadmap

Security Milestones

✓

Q1 2025 - Website Launch

Open-sourced website code, implemented security headers, GDPR-compliant cookie consent

Q4 2025 - Product Launches

Comprehensive security audit before product releases, open-source product code, penetration testing completion

2026

2026 - Ongoing Security

Annual security audits, bug bounty program launch, SOC 2 Type II certification pursuit

Security Acknowledgments

We would like to thank the following researchers for responsibly disclosing security vulnerabilities and helping us improve Privacy Gecko:

No vulnerabilities have been reported yet. Be the first to help us make Privacy Gecko more secure!

Questions About Security?

We're here to help. Contact our security team or learn more about our privacy practices.

Contact Security Team Read Privacy Policy

We appreciate the security research community and believe in responsible disclosure. If you discover a security vulnerability in our systems, please report it to us following these guidelines:

How to Report

Email: Send a detailed report to security@privacygecko.com
Encryption: You can encrypt your message using our PGP key (coming soon)
Details: Include steps to reproduce, potential impact, and any proof-of-concept code
Timeline: We aim to acknowledge reports within 48 hours and provide updates weekly

What to Expect

Acknowledgment of your report within 48 hours
Regular updates on our progress addressing the issue
Credit for your discovery (if desired) after the issue is resolved
No legal action for good-faith security research

Out of Scope

Social engineering or phishing attacks
Denial of Service (DoS) attacks
Physical security issues
Issues in third-party services not under our control