Security Policy
How we protect your data
Last updated: February 2026
1. Security Practices
ShipOdds implements industry-standard security measures to protect your data and ensure platform integrity.
2. Data Protection
We employ the following security measures:
- Authentication via Supabase Auth with magic links (no passwords stored)
- Row-Level Security (RLS) on all database tables
- All communications encrypted via HTTPS/TLS
- Rate limiting on all endpoints (Upstash Redis)
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Server-side validation of all inputs (Zod schemas)
- Atomic ship transactions with database-level locking
- Stripe webhook signature verification
3. Incident Response
In the event of a security incident affecting personal data, we will:
- Notify affected users within 72 hours as required by the GDPR
- Report to the CNIL if required
- Take immediate steps to contain and remediate the incident
- Conduct a post-incident review to prevent recurrence
4. Vulnerability Reporting
If you discover a security vulnerability, please report it responsibly to: security@shipodds.gg. We commit to acknowledging your report within 48 hours and keeping you informed of our progress. We ask that you do not publicly disclose the vulnerability until we have had a chance to address it.
5. Contact
For any security-related questions or concerns, contact us at: security@shipodds.gg