Security at Taresense

Passwords are hashed with bcrypt at cost factor 12. Sessions are JWT tokens stored in httpOnly, sameSite cookies. We never see your password and never store it in any reversible form.

All connections to taresense.com use TLS. Our API does not accept unencrypted requests in production.

User data is stored in a managed Postgres instance with disk encryption enabled. Database backups are encrypted.

We never see your card number. All payments are processed by Stripe; we store only the Stripe customer ID and subscription status.

Email security@taresense.com. We will acknowledge within 48 hours and keep you in the loop until the issue is resolved. We don’t pay bounties yet, but we credit researchers in our security disclosures page (with permission).