Back
Security

Security & Data Protection

Encryption

  • In transit: all traffic to and from recoverytrauma.com is served over HTTPS/TLS.
  • At rest: data is encrypted at rest by our managed database provider.

Authentication

  • Passwords are hashed and salted server-side; we never see your plain-text password.
  • We check new and changed passwords against the Have I Been Pwned database to block known compromised passwords.
  • We support sign-in with Google in addition to email and password.

Access controls

  • Row-level security is enabled on every table that holds member data. Your journal, dream journal, check-ins, and saved items are visible only to you.
  • Administrative roles are stored in a dedicated, separately gated table; ordinary accounts cannot escalate privileges.
  • Service credentials never reach the browser bundle.

Responsible disclosure

Found a security issue? Please email security@recoverytrauma.com with details and steps to reproduce. We will acknowledge within 72 hours.