Security isn't an afterthought — it's built into every layer of the platform. Here's an overview of the measures in place to keep your account and data safe.
Passwords are hashed using modern, computationally expensive algorithms. Even if the database contents were exposed, the stored hashes cannot be reversed to recover passwords.
Admin and server operator accounts require email verification on every login. A one-time code is sent to your registered email before access is granted.
Login attempts are rate-limited per IP address. Brute-force attacks are blocked before they can make meaningful progress.
All accounts must verify their email address before they can log in. This prevents impersonation and ensures account recovery is possible.
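The emailed one-time code that both of the points above rely on (a code that must arrive before an admin login completes, and the verification an address needs before the account can be used) can be handled by one small store. The following is an added example, not the platform's own code: it keeps only a hash of the code, expires it, caps wrong guesses, and consumes it on first use. The six-digit length, ten-minute lifetime, five-attempt cap and the in-memory map are assumptions; sending the email is left to the caller.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// Assumed policy values (not taken from the page).
const (
	codeTTL     = 10 * time.Minute
	maxAttempts = 5
)

var (
	ErrNoPending = errors.New("no pending code for this account")
	ErrExpired   = errors.New("code expired; request a new one")
	ErrTooMany   = errors.New("too many wrong guesses; request a new code")
	ErrWrongCode = errors.New("incorrect code")
)

type pending struct {
	digest   [32]byte // hash of the code, never the code itself
	expires  time.Time
	attempts int
}

// CodeStore holds at most one live code per account (in memory here; an assumption).
type CodeStore struct {
	mu   sync.Mutex
	byID map[string]pending
	now  func() time.Time
}

func NewCodeStore(now func() time.Time) *CodeStore {
	return &CodeStore{byID: map[string]pending{}, now: now}
}

func digest(accountID, code string) [32]byte {
	return sha256.Sum256([]byte(accountID + ":" + code))
}

// Issue draws a uniformly random 6-digit code, stores only its hash with an expiry,
// and returns the plaintext once so the caller can email it. Issuing again replaces
// any earlier code, so no code is ever valid twice.
func (s *CodeStore) Issue(accountID string) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1_000_000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.mu.Lock()
	defer s.mu.Unlock()
	s.byID[accountID] = pending{digest: digest(accountID, code), expires: s.now().Add(codeTTL)}
	return code, nil
}

// Redeem verifies a submitted code. A 6-digit space is small, so the real controls
// are the expiry and the attempt cap; the hash only keeps live codes out of a
// database dump. The comparison is constant-time and a correct code is consumed.
func (s *CodeStore) Redeem(accountID, code string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.byID[accountID]
	if !ok {
		return ErrNoPending
	}
	if s.now().After(p.expires) {
		delete(s.byID, accountID)
		return ErrExpired
	}
	if p.attempts >= maxAttempts {
		delete(s.byID, accountID)
		return ErrTooMany
	}
	got := digest(accountID, code)
	if subtle.ConstantTimeCompare(p.digest[:], got[:]) != 1 {
		p.attempts++
		s.byID[accountID] = p
		return ErrWrongCode
	}
	delete(s.byID, accountID) // single use
	return nil
}

func main() {
	s := NewCodeStore(time.Now)
	code, _ := s.Issue("admin@example.com") // constructed account id
	wrong := "000000"
	if code == wrong {
		wrong = "000001"
	}
	fmt.Println("emailed:", code, "| wrong guess:", s.Redeem("admin@example.com", wrong), "| right:", s.Redeem("admin@example.com", code))
}
```

The attempt cap is checked before the comparison, so once it is reached even the correct code is refused and a new code must be requested; that is what keeps a six-digit space from being guessed through.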
Every node in the federation authenticates using public-key cryptography. Requests are digitally signed and verified — no node can impersonate another.
Nodes are classified into trust tiers. Only vetted official nodes can push changes to the network. Community mesh nodes are read-only — they receive data but cannot modify the authoritative dataset.
Every federation request includes a unique signature and timestamp. Replayed or tampered requests are automatically detected and rejected.
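As an added example, not the project's code, of how the three points above fit together: each node holds an Ed25519 key pair, the sender signs a canonical string covering node id, method, path, timestamp, nonce and a hash of the body, and the receiver checks that signature against the key registered for the claimed node, rejects stale timestamps, refuses writes from community-tier nodes, and remembers nonces inside the time window so a replayed request is caught. The request field names, the five-minute skew window, the registry layout and the read/write split on the HTTP method are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
	"time"
)

type NodeInfo struct {
	PubKey   ed25519.PublicKey
	Official bool // vetted tier: may push changes; community mesh nodes are read-only
}

// Request is the signed envelope every federation call carries (field names assumed).
type Request struct {
	NodeID    string
	Method    string // "GET" is a read; anything else is a write
	Path      string
	Timestamp int64  // unix seconds, set by the sender
	Nonce     string // unique per request
	Body      []byte
	Signature []byte
}

// canonical is the exact byte string that gets signed: every field that must not be tampered with, in a fixed order, body as its SHA-256.
func canonical(r *Request) []byte {
	return []byte(fmt.Sprintf("%s\n%s\n%s\n%d\n%s\n%x", r.NodeID, r.Method, r.Path, r.Timestamp, r.Nonce, sha256.Sum256(r.Body)))
}

func NewNonce() string {
	b := make([]byte, 16)
	rand.Read(b) // crypto/rand.Read always fills b and never returns an error
	return fmt.Sprintf("%x", b)
}

func Sign(priv ed25519.PrivateKey, r *Request) { r.Signature = ed25519.Sign(priv, canonical(r)) }

var (
	ErrUnknownNode  = errors.New("unknown node id")
	ErrBadSignature = errors.New("signature does not verify: forged or tampered")
	ErrStale        = errors.New("timestamp outside the accepted window")
	ErrReadOnly     = errors.New("community node may not push changes")
	ErrReplay       = errors.New("nonce already seen: replay")
)

type Verifier struct {
	registry map[string]NodeInfo
	window   time.Duration // accepted clock skew, e.g. 5 minutes (assumed)
	now      func() int64
	mu       sync.Mutex
	seen     map[string]int64 // "nodeID:nonce" -> timestamp of first sighting
}

func NewVerifier(reg map[string]NodeInfo, window time.Duration, now func() int64) *Verifier {
	return &Verifier{registry: reg, window: window, now: now, seen: map[string]int64{}}
}

func (v *Verifier) Verify(r *Request) error {
	info, ok := v.registry[r.NodeID]
	if !ok {
		return ErrUnknownNode
	}
	if !ed25519.Verify(info.PubKey, canonical(r), r.Signature) { // authenticity and integrity
		return ErrBadSignature
	}
	now, win := v.now(), int64(v.window.Seconds())
	if r.Timestamp < now-win || r.Timestamp > now+win { // freshness
		return ErrStale
	}
	if r.Method != "GET" && !info.Official { // writes need the official tier
		return ErrReadOnly
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	for k, ts := range v.seen { // forget nonces the freshness check would now reject anyway
		if ts < now-win {
			delete(v.seen, k)
		}
	}
	key := r.NodeID + ":" + r.Nonce
	if _, dup := v.seen[key]; dup { // same nonce inside the window: replay
		return ErrReplay
	}
	v.seen[key] = r.Timestamp
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v := NewVerifier(map[string]NodeInfo{"official-1": {pub, true}}, 5*time.Minute, func() int64 { return time.Now().Unix() })
	r := &Request{NodeID: "official-1", Method: "POST", Path: "/federation/sync", Timestamp: time.Now().Unix(), Nonce: NewNonce(), Body: []byte(`{"rows":1}`)}
	Sign(priv, r)
	fmt.Println("first delivery:", v.Verify(r), "| replayed:", v.Verify(r))
}
```

The order of checks matters: the signature is verified before the timestamp or nonce are trusted, so an attacker cannot pollute the seen-nonce set or probe the clock window with unsigned requests, and the nonce set stays bounded because anything older than the window is already rejected as stale.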
Only modern, computationally expensive password hashes are allowed to sync across the federation. Weak or outdated hash formats are automatically rejected at both ends.
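One way to enforce that rule at both ends of a sync, as an added example that is not the platform's code: parse the hash's modular-crypt prefix, allow only argon2 and bcrypt, and additionally refuse hashes whose cost parameters sit below a floor, since a syntactically valid argon2 string with m=1024 is no better than a legacy format. The allow-list, the parameter floors, and the decision to treat md5-crypt and sha-crypt as legacy are assumptions of this example; the sample hashes are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Assumed minimums (not from the page): argon2 memory in KiB and passes, bcrypt cost.
const (
	minArgon2MemoryKiB = 19456 // 19 MiB
	minArgon2Time      = 2
	minBcryptCost      = 10
)

var (
	ErrUnknownFormat = errors.New("unrecognised or unprefixed hash format")
	ErrLegacyFormat  = errors.New("legacy hash format not accepted")
	ErrWeakParams    = errors.New("hash parameters below minimum cost")
	ErrMalformed     = errors.New("malformed hash string")
)

// Modular-crypt identifiers refused outright: md5-crypt, sha-crypt, apr1 and raw-digest tags.
var legacyIDs = map[string]bool{"1": true, "5": true, "6": true, "apr1": true, "md5": true, "sha1": true}

// ValidateHash decides whether a stored password hash may cross the federation.
func ValidateHash(h string) error {
	if !strings.HasPrefix(h, "$") {
		return ErrUnknownFormat // raw hex or base64 digests, "{SHA}..." and similar
	}
	parts := strings.Split(h, "$") // parts[0] is "" because of the leading "$"
	if len(parts) < 3 {
		return ErrMalformed
	}
	id := parts[1]
	switch {
	case legacyIDs[id]:
		return ErrLegacyFormat
	case id == "2a" || id == "2b" || id == "2y":
		return validateBcrypt(parts)
	case strings.HasPrefix(id, "argon2"):
		return validateArgon2(parts)
	default:
		return ErrUnknownFormat
	}
}

// bcrypt: $2b$12$<22-char salt><31-char hash>, 60 characters in total.
func validateBcrypt(parts []string) error {
	if len(parts) != 4 || len(parts[3]) != 53 {
		return ErrMalformed
	}
	cost, err := strconv.Atoi(parts[2])
	if err != nil {
		return ErrMalformed
	}
	if cost < minBcryptCost {
		return ErrWeakParams
	}
	return nil
}

// argon2: $argon2id$v=19$m=65536,t=3,p=4$<salt>$<hash>
func validateArgon2(parts []string) error {
	if len(parts) != 6 || parts[4] == "" || parts[5] == "" {
		return ErrMalformed
	}
	params := map[string]int{}
	for _, kv := range strings.Split(parts[3], ",") {
		k, val, ok := strings.Cut(kv, "=")
		if !ok {
			return ErrMalformed
		}
		n, err := strconv.Atoi(val)
		if err != nil {
			return ErrMalformed
		}
		params[k] = n
	}
	if params["m"] < minArgon2MemoryKiB || params["t"] < minArgon2Time || params["p"] < 1 {
		return ErrWeakParams
	}
	return nil
}

// AcceptSyncedRecord is the gate applied by both the sending and the receiving node:
// a record with an unacceptable hash is dropped rather than sent or stored.
func AcceptSyncedRecord(username, hash string) (bool, error) {
	if err := ValidateHash(hash); err != nil {
		return false, fmt.Errorf("reject record for %s: %w", username, err)
	}
	return true, nil
}

func main() {
	for _, h := range []string{ // constructed samples
		"$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$aGFzaGhhc2g",
		"$1$ab$legacyhash",
		strings.Repeat("ab", 16),
	} {
		fmt.Printf("%-14.14s -> %v\n", h, ValidateHash(h))
	}
}
```

Running the same gate on the sending side keeps a compromised or misconfigured peer from pushing weak hashes in, and running it on the receiving side means a node never has to trust that the sender did.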
Sensitive data is encrypted before it reaches the database. Even with direct database access, sensitive fields are unreadable without the encryption keys.
All connections use TLS encryption. Data moving between your browser and our servers, and between federation nodes, is encrypted end-to-end.
IP addresses and other personally identifiable information are stripped from all public API responses and from data that syncs across the federation.
Security-relevant events are logged and retained for monitoring. This includes federation sync events, authentication attempts, and administrative actions.
The platform sits behind Cloudflare's global network, providing DDoS mitigation, Web Application Firewall (WAF), and bot protection at the edge.
Internal services like metrics and monitoring endpoints are not accessible from the public internet. Only authorized internal systems can access them.
All sensitive endpoints are rate-limited to prevent abuse. This includes login, registration, account operations, and federation API endpoints.
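An added example, not the platform's code, of the per-IP, per-endpoint limiting described here and in the login point above: a sliding-window limiter keyed on (client IP, endpoint) so that each endpoint has its own budget, returning a retry delay for rejected requests. The endpoint list and the budgets are assumed values; the IP addresses in the demonstration are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limit is "at most Max accepted requests per Window".
type Limit struct {
	Max    int
	Window time.Duration
}

// Policy gives each sensitive endpoint its own budget (values are assumed examples),
// so exhausting the login budget does not touch registration, and vice versa.
var Policy = map[string]Limit{
	"/login":           {Max: 5, Window: time.Minute},
	"/register":        {Max: 3, Window: time.Hour},
	"/account/delete":  {Max: 3, Window: time.Hour},
	"/federation/sync": {Max: 60, Window: time.Minute},
}

type key struct{ ip, endpoint string }

type Limiter struct {
	policy map[string]Limit
	now    func() time.Time
	mu     sync.Mutex
	hits   map[key][]time.Time // accepted timestamps per (ip, endpoint), oldest first
}

func NewLimiter(policy map[string]Limit, now func() time.Time) *Limiter {
	return &Limiter{policy: policy, now: now, hits: map[key][]time.Time{}}
}

// Allow reports whether a request from ip to endpoint is within budget and, when it
// is not, how long the client should wait (suitable for a Retry-After header).
// Endpoints without a policy entry are never limited. Rejected attempts are not
// recorded, so a key's slice never grows beyond Max entries.
func (l *Limiter) Allow(ip, endpoint string) (bool, time.Duration) {
	lim, limited := l.policy[endpoint]
	if !limited {
		return true, 0
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	k := key{ip, endpoint}
	kept := l.hits[k][:0] // drop timestamps that have slid out of the window
	for _, ts := range l.hits[k] {
		if now.Sub(ts) < lim.Window {
			kept = append(kept, ts)
		}
	}
	if len(kept) >= lim.Max {
		l.hits[k] = kept
		return false, lim.Window - now.Sub(kept[0]) // the oldest hit expires first
	}
	l.hits[k] = append(kept, now)
	return true, 0
}

// Sweep forgets keys whose newest hit is older than their window; run it periodically
// so idle clients do not accumulate state.
func (l *Limiter) Sweep() {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	for k, ts := range l.hits {
		if len(ts) == 0 || now.Sub(ts[len(ts)-1]) >= l.policy[k.endpoint].Window {
			delete(l.hits, k)
		}
	}
}

func main() {
	l := NewLimiter(Policy, time.Now)
	for i := 1; i <= 7; i++ {
		ok, retry := l.Allow("203.0.113.9", "/login") // constructed client address
		fmt.Printf("login attempt %d: allowed=%v retry_after=%v\n", i, ok, retry)
	}
}
```

When the service sits behind a proxy such as the Cloudflare edge mentioned below, the ip argument must come from the proxy's trusted client-address header rather than the TCP peer address; otherwise every request carries the proxy's address and the whole user base shares one budget.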
The entire platform is open source on GitHub. Security through obscurity is not our model — we believe transparency makes software more secure, not less.
We don't store your password in plain text — ever.
We don't share your email with third parties.
We don't track you across the web or sell analytics data.
We don't expose IP addresses in public APIs or federation sync.
We don't allow weak or outdated password hashes to propagate across the network.