Security Program

The production service uses TLS, App Attest enforcement for protected mutation endpoints, server-side StoreKit validation, rate limits, server-authoritative economy state, and challenge proof validation.

Report a Security Issue

Report suspected vulnerabilities through the support form. Include reproduction steps, affected endpoint or app version, and impact. Do not access, modify, or exfiltrate data that is not yours.