Security

Last Updated: October 2024

Our Commitment to Security

Security is a top priority at Squeed. We implement industry-standard security practices to protect your data, workflows, and API credentials. This page outlines our security measures and policies.

Data Encryption

Your data is protected through multiple layers of encryption:

  • In Transit: All data transmitted between your browser and our servers is encrypted with TLS 1.3
  • At Rest: Data stored in our databases is encrypted using AES-256
  • API Keys: Sensitive credentials are encrypted with additional layers of protection
  • Environment Variables: Stored securely with encryption at rest

Authentication & Access Control

We implement robust authentication mechanisms:

  • Firebase Authentication: Industry-standard authentication with multiple providers
  • Session Management: Secure session handling with automatic expiration
  • API Key Security: Your API keys are your responsibility - never share them
  • Access Control: Project-level permissions and sharing controls
  • Two-Factor Authentication: Available through Firebase Auth providers

Infrastructure Security

Our infrastructure is built with security in mind:

  • Cloud Provider: Hosted on secure, compliant cloud infrastructure
  • Firewall Protection: Network-level security with strict firewall rules
  • DDoS Protection: Built-in protection against distributed denial-of-service attacks
  • Regular Backups: Automated backups with encrypted storage
  • Monitoring: 24/7 security monitoring and alerting

Application Security

Squeed implements comprehensive application-level security:

  • Input Validation: All user inputs are validated and sanitized
  • XSS Protection: Protection against cross-site scripting attacks
  • CSRF Protection: Tokens to prevent cross-site request forgery
  • SQL Injection Prevention: Parameterized queries and ORM usage
  • Content Security Policy: Strict CSP headers to prevent unauthorized scripts
  • Regular Security Audits: Periodic reviews of code and dependencies

API Security

When using Squeed's API testing features with third-party APIs:

  • Credentials Storage: API keys and tokens are encrypted at rest
  • Environment Isolation: Separate environments prevent credential leakage
  • HTTPS Only: API requests are made over secure HTTPS connections
  • No Logging: Sensitive headers and credentials are not logged
  • Client-Side Processing: Many operations happen in your browser for added security

Data Privacy & Ownership

Your data belongs to you:

  • Data Ownership: You retain full ownership of your content and workflows
  • Export Capabilities: Export your data at any time in multiple formats
  • Deletion Rights: Request complete data deletion at any time
  • No Data Mining: We do not sell or share your data with third parties
  • Minimal Collection: We only collect data necessary for service operation

Compliance & Standards

We adhere to industry standards and best practices:

  • OWASP Top 10 security guidelines
  • SOC 2 security principles
  • Privacy-by-design principles
  • Regular security training for team members
  • Incident response procedures

Vulnerability Disclosure

We appreciate the security research community's help in keeping Squeed secure. If you discover a security vulnerability, please report it responsibly.

Responsible Disclosure Process:

  • Email security concerns to: security@squeed.co
  • Include detailed steps to reproduce the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • Do not exploit the vulnerability or access user data

Security Best Practices for Users

Help protect your Squeed account:

  • Strong Passwords: Use unique, complex passwords for your account
  • 2FA: Enable two-factor authentication when available
  • API Key Protection: Never share API keys or commit them to version control
  • Regular Reviews: Periodically review your project sharing settings
  • Secure Devices: Only access Squeed from trusted, secure devices
  • Log Out: Log out when using shared or public computers
  • Report Issues: Report suspicious activity immediately

Incident Response

In the event of a security incident:

  • We will investigate and contain the incident immediately
  • Affected users will be notified within 72 hours
  • We will provide regular updates during the resolution process
  • Post-incident analysis will be conducted to prevent recurrence

Third-Party Services

Squeed integrates with trusted third-party services:

  • Firebase: Authentication and database services (Google Cloud)
  • AI Providers: Claude, OpenAI, Gemini, Groq, Mistral - data sent per your configuration
  • CDN & Hosting: Secure content delivery and hosting infrastructure

All third-party services are vetted for security and compliance standards.

Security Updates

We continuously improve our security posture:

  • Regular dependency updates and security patches
  • Automated vulnerability scanning
  • Periodic penetration testing
  • Security-focused code reviews

Contact Security Team

For security-related inquiries:

Security Notice

If you believe you've discovered a security vulnerability, please report it immediately to security@squeed.co rather than posting publicly. We take all security reports seriously and will respond promptly.