Legal

Security

Last updated June 6, 2026

Security is built into the architecture, not bolted on. Here's how we protect your data and your Visitors'.

01Tenant isolation

Every table is protected by Postgres Row-Level Security. A workspace can only ever read or write its own sites, forms, counters, and submissions — enforced at the database layer, not just in application code.

02Embed authentication

  • No public API keys in embed scripts — nothing sensitive ships to the browser.
  • Each site has an origin allowlist; ingestion requests are rejected from unknown origins.
  • Form submissions require a short-lived, single-use HMAC token (5-minute TTL).
  • Webhooks are signed with HMAC-SHA256 (X-Devlune-Signature) so you can verify authenticity.

03Edge protection

Ingestion runs on Cloudflare's edge with per-IP, per-origin, and per-token rate limiting via Upstash. Forms are protected by an invisible honeypot and optional Cloudflare Turnstile, with no CAPTCHA friction for legitimate users.

04Data in transit & at rest

  • All traffic is encrypted with TLS.
  • Databases and object storage are encrypted at rest by our infrastructure providers.
  • Secrets live in environment variables and secret managers — never in source control.

05Privacy by design

We only ever store a daily-rotating salted hash of IP + user-agent for 24-hour de-duplication. Raw IP addresses are never written to disk, so even a full database compromise cannot reveal who visited a site.

06Auditability

Workspace-scoped admin actions are recorded in an append-only audit log (actor, action, target, hashed IP/UA, timestamp) so account owners can review activity.

07Reporting a vulnerability

Found something? Please email security@devlune.in with details and steps to reproduce. We investigate every report and will keep you updated on remediation. Please don't publicly disclose until we've had a chance to fix it.