Security

Your data is safe with us.

Security is built into every layer of Portify, not added as an afterthought. Here's exactly how we protect your account and data.

How we protect you

Security by default.

The four pillars of how we keep your account and data secure.

Encrypted in transit

All data transmitted between your browser and our servers is encrypted via HTTPS/TLS 1.3. We enforce HTTPS across all endpoints, no exceptions.

Secure authentication

Passwords are hashed using bcrypt with a high work factor. We use HTTP-only cookies for session management to prevent client-side token theft.

Minimal data storage

We store only what's necessary. Sensitive credentials (API keys, database passwords) are managed via environment variables and never committed to code.

Access controls

Internal access to production data is restricted on a need-to-know basis. All access is logged and reviewed regularly.

Security checklist

What's implemented today.

A complete list of the security controls currently in place across the Portify platform.
  • HTTPS enforced on all routes
  • HTTP-only, SameSite cookies for session tokens
  • bcrypt password hashing
  • Cloudinary signed uploads for file security
  • Environment-based secret management
  • CORS configured to allowed origins only
  • Input validation and sanitization on all API endpoints
  • Rate limiting on authentication and AI endpoints

Found a vulnerability?

We appreciate responsible disclosure. If you discover a security issue, please contact us privately before making it public. We'll acknowledge your report within 48 hours and work to resolve it promptly.
