Security First

At Splitaway, the security of your data is our top priority. We implement industry-leading practices to ensure your information remains private and secure.

Data Encryption

All data transmitted between your browser and our servers is encrypted in transit using modern TLS (Transport Layer Security) protocols. Your data at rest is protected by AES-256 encryption within our Supabase-hosted Postgres databases.

Row Level Security (RLS)

We employ strict Row Level Security policies. This means at the database level, it is mathematically impossible for another user to read or modify your trip data. You only have access to records associated directly with your authenticated user ID.

Authentication

We do not store your passwords in plain text. All user authentication is handled via securely hashed credentials and verifiable JWTs (JSON Web Tokens) generated by Supabase Auth.

Local Storage

To enable our fast, offline-ready experience, we store active trip data in your browser's local storage. This data is only accessible via your specific browser and is cleared upon securely logging out.

Vulnerability Reporting

We welcome feedback from the security community. If you believe you have found a security vulnerability in Splitaway, please contact us immediately at mehtaajay8873@gmail.com.