Byres

Security

Last updated: January 1, 2025

Our Commitment

Security is a top priority at BYRES. We take the protection of your data and the integrity of our platform seriously. This page outlines our security practices and how to report vulnerabilities responsibly.

Security Practices

  • All data is encrypted in transit using TLS.
  • Passwords are hashed using bcrypt with a high work factor.
  • Authentication sessions use secure, short-lived JWT tokens.
  • Rate limiting is enforced on all authentication endpoints.
  • Input validation is performed on all user-submitted data.
  • Regular security reviews and dependency updates.

Responsible Disclosure

If you discover a security vulnerability in BYRES, we ask that you report it to us responsibly. Please do not publicly disclose the issue until we have had an opportunity to investigate and address it.

To report a security issue, please contact us through our contact page with a detailed description of the vulnerability and steps to reproduce it.

Scope

Our responsible disclosure policy covers the BYRES platform and its associated APIs. It does not cover third-party services we integrate with (such as Stripe, Resend, or Vercel).