Security
We minimize what we hold.
We harden what we do.
Because vision runs on your device, there is no biometric data on our side. The metrics we do store are protected with the same controls you'd expect from a serious infrastructure team.
Encrypted in transit
All metrics travel over TLS 1.3 with HSTS. Browsers refuse to talk to us over plain HTTP.
Encrypted at rest
Aggregate metrics are encrypted at rest with AES-256. Backups are encrypted and tested quarterly.
Least-privilege access
Engineers do not have access to user data by default. All elevated access is short-lived, audited and reviewed.
SOC-2 ready
Controls aligned with SOC-2 Type II. Penetration test reports available under NDA for enterprise customers.
Disclosure
Found something? Tell us.
Email security@screenguardian.app with details. We respond within 24 hours and run a coordinated disclosure process with researchers.