Security
Security & Data Protection
Encryption
- In transit: all traffic to and from recoverytrauma.com is served over HTTPS/TLS.
- At rest: data is encrypted at rest by our managed database provider.
Authentication
- Passwords are hashed and salted server-side; we never see your plain-text password.
- We check new and changed passwords against the Have I Been Pwned database to block known compromised passwords.
- We support sign-in with Google in addition to email and password.
Access controls
- Row-level security is enabled on every table that holds member data. Your journal, dream journal, check-ins, and saved items are visible only to you.
- Administrative roles are stored in a dedicated, separately gated table; ordinary accounts cannot escalate privileges.
- Service credentials never reach the browser bundle.
Responsible disclosure
Found a security issue? Please email security@recoverytrauma.com with details and steps to reproduce. We will acknowledge within 72 hours.
