At BuddyHuddle, security is not an afterthought—it's built into every layer of our platform. We employ industry-leading security practices to protect your data, privacy, and ensure the integrity of our service.
Data Encryption
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3, the latest and most secure encryption protocol
Encryption at Rest: All data stored in our databases is encrypted using AES-256 encryption
End-to-End Protection: Your sensitive information is protected throughout its entire lifecycle
Authentication & Access Control
Secure Authentication: We use industry-standard OAuth 2.0 and secure password hashing (bcrypt) for account protection
Multi-Factor Authentication: Available for enhanced account security
Session Management: Secure session tokens with automatic expiration
Row-Level Security (RLS): Database-level security policies ensure users can only access their own data and data from groups they belong to
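The row-level-security model described above can be expressed directly as Postgres policies of the kind Supabase runs. The following is an added illustration, not BuddyHuddle's actual schema or policies: the tables groups, group_members and posts, their columns, and the policy names are all assumed for this example; auth.uid() is the Supabase helper that returns the id of the authenticated user making the request.

```sql
-- Added example: a minimal group-membership RLS model in Postgres/Supabase style.
-- Table and column names are assumed; they are not BuddyHuddle's schema.

create table groups (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

create table group_members (
  group_id uuid not null references groups(id) on delete cascade,
  user_id  uuid not null,            -- equals auth.uid() of the member
  primary key (group_id, user_id)
);

create table posts (
  id        uuid primary key default gen_random_uuid(),
  group_id  uuid not null references groups(id) on delete cascade,
  author_id uuid not null,
  body      text not null
);

-- Until RLS is enabled, no policy is consulted and every row is visible.
alter table posts         enable row level security;
alter table group_members enable row level security;

-- A user can read only their own membership rows.
create policy members_select_self on group_members
  for select
  using (user_id = auth.uid());

-- A user can read posts only from groups they belong to.
-- The subquery on group_members runs under the caller's privileges, so the
-- policy above already limits it to that user's own memberships.
create policy posts_select_member on posts
  for select
  using (
    exists (
      select 1
      from group_members m
      where m.group_id = posts.group_id
        and m.user_id  = auth.uid()
    )
  );

-- A user can insert a post only as themselves and only into a group they belong to.
create policy posts_insert_member on posts
  for insert
  with check (
    author_id = auth.uid()
    and exists (
      select 1
      from group_members m
      where m.group_id = posts.group_id
        and m.user_id  = auth.uid()
    )
  );
```

Two checks a reviewer of such a setup would want: confirm that every table holding user data reports rowsecurity = true in pg_tables, since a table created later without ENABLE ROW LEVEL SECURITY is fully readable by the application role; and remember that table owners bypass policies unless ALTER TABLE ... FORCE ROW LEVEL SECURITY is set, while roles with the BYPASSRLS attribute (Supabase's service role is one) bypass them regardless, so that credential must stay server-side and never reach a client.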
Infrastructure Security
Cloud Infrastructure: Built on Supabase, which maintains SOC 2 Type II compliance and ISO 27001 certification
Regular Updates: All systems are kept up-to-date with the latest security patches
DDoS Protection: Advanced protection against distributed denial-of-service attacks
Backup & Recovery: Regular automated backups with point-in-time recovery capabilities
Monitoring: 24/7 security monitoring and alerting systems
Privacy & Data Protection
Data Isolation: Your data is isolated from other users through database-level security policies
No Data Sharing: We never sell your personal information to third parties
Minimal Data Collection: We only collect data necessary to provide our services
User Control: You control who can see your information through group membership
Data Deletion: You can delete your account and all associated data at any time
Security Best Practices for Users
While we handle security on our end, here are steps you can take to keep your account secure:
Use a strong, unique password for your account
Enable multi-factor authentication if available
Never share your account credentials with others
Be cautious when adding members to groups—only invite people you trust
Log out from shared or public devices
Keep your device software and browsers updated
Report any suspicious activity immediately
Security Audits & Compliance
Regular Audits: We conduct regular security audits and penetration testing
Compliance: Our infrastructure provider maintains SOC 2 Type II, ISO 27001, and GDPR compliance
Vulnerability Disclosure: We have a responsible disclosure policy for security researchers
Incident Response
In the unlikely event of a security incident, we have a comprehensive incident response plan that includes:
Immediate containment and mitigation
Investigation and root cause analysis
Notification to affected users (if required by law)
Post-incident review and improvements
Reporting Security Issues
If you discover a security vulnerability, please report it to us responsibly. We appreciate your help in keeping BuddyHuddle secure.
Email: security@buddyhuddle.app
Please include details about the vulnerability and steps to reproduce it.
Updates to Security Practices
We continuously improve our security practices. This page will be updated to reflect any significant changes. We recommend reviewing it periodically.