Trust Center

Security and compliance at LoginWith

Security at a Glance

AES-256 Encryption

All data encrypted at rest

99.9% Uptime SLA

Highly available infrastructure

EU Data Residency

All data stored in Europe

Compliance

GDPR Compliant

Full compliance with the General Data Protection Regulation

CCPA Compliant

Full compliance with the California Consumer Privacy Act

Data Security

Encryption at Rest

All data stored in our databases is encrypted using AES-256 encryption, the industry standard for data protection. This encryption is provided by MongoDB Atlas and ensures your data remains secure even in the unlikely event of physical access to storage media.

Encryption in Transit

All data transmitted between your browser and our servers is protected with TLS (Transport Layer Security) encryption. We enforce HTTPS on all connections and use modern cipher suites to protect against eavesdropping and tampering.

Password Security

Passwords are hashed using Argon2, the winner of the Password Hashing Competition (PHC). Argon2 is designed to be resistant to both GPU-based and specialized hardware attacks, providing maximum protection for user credentials.

Infrastructure

Our Technology Stack

Scaleway

French cloud infrastructure provider

EU-based

MongoDB Atlas

Managed database service (EU region)

EU-based

High Availability

Our infrastructure is designed for 99.9% uptime. We use redundant systems, automatic failover, and continuous monitoring to ensure LoginWith is always available when you need it.

Data Residency

All customer data is stored exclusively in European data centers. This ensures compliance with EU data protection regulations and provides peace of mind for European customers.

Security Practices

Annual Penetration Testing

We conduct comprehensive security assessments annually to identify and address potential vulnerabilities.

Continuous Monitoring

24/7 monitoring of our systems for security threats, performance issues, and anomalies.

Secure Development

Security-first approach to development with code reviews, automated testing, and dependency scanning.

Access Controls

Strict role-based access controls and principle of least privilege for all internal systems.

Bug Bounty Program

Help Us Stay Secure

We value the security research community and welcome responsible disclosure of vulnerabilities. If you discover a security issue, we want to hear from you.

Scope

The following assets are in scope for our bug bounty program:

  • loginwith.app - Main application and authentication flows
  • console.loginwith.app - Developer console
  • *.loginwith.dev - API endpoints (org-scoped subdomains)

Qualifying Vulnerabilities

In Scope

  • Authentication bypass
  • SQL/NoSQL injection
  • Cross-site scripting (XSS)
  • Remote code execution
  • Privilege escalation
  • Sensitive data exposure

Out of Scope

  • Denial of service attacks
  • Social engineering
  • Physical security issues
  • Self-XSS
  • Missing security headers (non-exploitable)
  • Rate limiting issues

How to Report

  1. Email your findings to security@loginwith.app
  2. Include detailed steps to reproduce the vulnerability
  3. Provide proof of concept if applicable
  4. Allow us reasonable time to address the issue before disclosure

Our Commitment

  • We will acknowledge receipt within 48 hours
  • We will provide an initial assessment within 7 days
  • We will not pursue legal action against researchers acting in good faith
  • We will credit researchers in our security acknowledgments (if desired)

Data Practices

We do not sell your data

Your data is never sold to third parties. We only use your information to provide and improve our service.

Data Retention

Data is retained for the duration of your account. After account deletion, data is retained for 1 year for legal compliance, then permanently deleted.

Cookie Policy

We use cookies strictly for authentication. No tracking cookies, advertising cookies, or third-party analytics are used.

Security Contact

If you have security concerns or want to report a vulnerability, please contact our security team:

Security issues: security@loginwith.app

Privacy concerns: privacy@loginwith.app

Data Protection Officer: dpo@loginwith.app