litstreet.
Sign in

Security

How we protect your data.

Security isn't a feature we bolt on — it's part of how Litstreet is built. Here is a plain-language overview of the measures we use to keep your account and your data safe.

Encryption in transit

All traffic between your browser and Litstreet is encrypted with HTTPS/TLS. That applies everywhere on the site — sign-in, browsing, and posting — so data moving over the network is protected from eavesdropping and tampering.

Authentication

Accounts are managed through Supabase Auth, a dedicated authentication service. Passwords are stored as salted hashes, never in plain text, so we never hold your actual password. If you prefer, you can sign in with Google instead of a password.

Access control

We enforce access at the data layer using row-level security, so users can only reach the records they're authorized to see. We follow least-privilege principles for internal access, and forum data is isolated behind a dedicated service boundary rather than exposed directly to the client.

Payment data

We don't store your card data. Payment details are handled by our payment provider, so sensitive card information never touches our servers.

Responsible disclosure

Found something?

If you believe you've discovered a security vulnerability, we want to hear from you. Please report it through our contact page with enough detail for us to reproduce it, and give us a reasonable window to respond before disclosing it publicly. We investigate every report.