Security and trust

This page is maintained by the Valutoria team and describes how we protect user accounts and data. It is not an independent certification — it is an honest description of the controls currently enabled in the app.

Authentication

  • Sign in with email and password or with Google.
  • Passwords are stored hashed — never in plain text.
  • User sessions use secure tokens that refresh automatically.

Data access

  • The database uses Row-Level Security: each user sees only their own records.
  • Administrative operations run through server functions that verify the caller's role.
  • Roles (reader, editor, admin) are stored separately from the user profile to prevent privilege escalation.
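
The role separation and row-level policies listed above, sketched as an added example; this is not Valutoria's actual schema. It assumes PostgreSQL, which the page does not name, and every table, type, function and setting name below is hypothetical.

```sql
-- Added illustration; assumes PostgreSQL. All names are hypothetical.
CREATE TYPE app_role AS ENUM ('reader', 'editor', 'admin');

-- Profile data the user may edit. Deliberately has no role column.
CREATE TABLE profiles (
    user_id      uuid PRIMARY KEY,
    display_name text
);

-- Role assignments live in their own table with their own policies.
CREATE TABLE user_roles (
    user_id uuid     NOT NULL,
    role    app_role NOT NULL,
    PRIMARY KEY (user_id, role)
);

ALTER TABLE profiles   ENABLE ROW LEVEL SECURITY;
ALTER TABLE user_roles ENABLE ROW LEVEL SECURITY;

-- Assumption: the server sets app.user_id per request to the authenticated user.
CREATE FUNCTION current_user_id() RETURNS uuid
LANGUAGE sql STABLE
AS $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;

-- Role check used by policies. SECURITY DEFINER lets it read user_roles
-- without recursing into that table's own policies.
CREATE FUNCTION has_role(_user uuid, _role app_role) RETURNS boolean
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public
AS $$ SELECT EXISTS (SELECT 1 FROM user_roles
                     WHERE user_id = _user AND role = _role) $$;

-- Each user reads and updates only their own profile row.
CREATE POLICY profiles_own_select ON profiles FOR SELECT
    USING (user_id = current_user_id());
CREATE POLICY profiles_own_update ON profiles FOR UPDATE
    USING (user_id = current_user_id())
    WITH CHECK (user_id = current_user_id());

-- Users may read their own roles; only admins may add, change or remove them.
CREATE POLICY roles_own_select ON user_roles FOR SELECT
    USING (user_id = current_user_id());
CREATE POLICY roles_admin_write ON user_roles FOR ALL
    USING (has_role(current_user_id(), 'admin'))
    WITH CHECK (has_role(current_user_id(), 'admin'));
```

If the role were a column on profiles, the user's own UPDATE policy would let them rewrite it; in user_roles it sits behind the admin-only write policy.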

Transport and storage

  • All traffic between the browser and the server runs over HTTPS.
  • Secrets (API keys) are kept exclusively on the server side.
  • File storage (e.g. article images) is private by default; access is governed by policies.

Privacy and newsletter

  • Subscriber emails are visible only to administrators and editors.
  • Newsletter sign-up never reveals whether an email is already subscribed.
  • More about data processing: Privacy policy.

Reporting a security issue

If you discover a potential security issue, please email info@valutoria.net. Please allow us a reasonable time to fix it before public disclosure.

What this page is not

This page is not a compliance attestation (SOC 2, ISO 27001, GDPR audit, etc.) and has not been independently verified. It describes only the controls currently enabled in the app. We update it from time to time.