Security

We minimize what we hold.
We harden what we do.

Because vision runs on your device, there is no biometric data on our side. The metrics we do store are protected with the same controls you'd expect from a serious infrastructure team.

Encrypted in transit

All metrics travel over TLS 1.3 with HSTS. Browsers refuse to talk to us over plain HTTP.

Encrypted at rest

Aggregate metrics are encrypted at rest with AES-256. Backups are encrypted and tested quarterly.

Least-privilege access

Engineers do not have access to user data by default. All elevated access is short-lived, audited and reviewed.

SOC-2 ready

Controls aligned with SOC-2 Type II. Penetration test reports available under NDA for enterprise customers.

Disclosure

Found something? Tell us.

Email security@screenguardian.app with details. We respond within 24 hours and run a coordinated disclosure process with researchers.