Security

Last updated: 2026-05-07

A short, honest summary of how PhenoTrack protects your data. This page reflects what is shipped today; planned work is called out as "planned" rather than dressed up as done.

Authentication

  • Sign-in with email and password, or with Google Sign-In.
  • Brute-force protection: client-side lockout after repeated failed sign-in attempts.
  • We don't store your password on our servers — credential storage is handled by our authentication provider.

In transit

  • All network traffic uses HTTPS (TLS 1.2 or later).
  • Our edge layer provides TLS termination, WAF, and DDoS protection.

At rest

  • Cloud data is encrypted at rest.
  • Local database encryption is planned for a future release; the encryption key is already generated and held in the device's secure storage.
  • EXIF metadata (GPS, device serial, software) is stripped from photos before they are saved or uploaded.

Authorisation

  • Each user can only read or write their own data. Cross-tenant reads are denied at the database layer.
  • Photo storage uses the same model — only the owner can read or write their own files.
  • Client integrity verification is planned (monitor mode first, then enforce).

Privacy

  • Crash reports and analytics are off by default and require explicit opt-in.
  • Account deletion (Settings → Delete account) is a hard delete: every copy of your data on our servers and on this device is wiped. There is no soft-delete or recovery window.
  • Data export (Settings → Export data) produces a JSON snapshot you can take with you.

Disclosing a vulnerability

If you find a security issue, please write to security@phenotrack.com before disclosing it publicly. We'll acknowledge within 72 hours.