OZYRA SECURITY POLICY
1. Overview
We design Ozyra with security in mind. This policy summarizes the technical and organizational measures we take to protect data handled by the Services.
2. Reporting security issues
We welcome responsible disclosure from researchers and users. If you discover a vulnerability, email security@ozyra.com with:
- Description and impact
- Steps to reproduce
- Relevant proofs of concept, screenshots, or logs
- Contact details for coordination
We commit to acknowledging receipt, validating the issue, and working with you on remediation. We give credit to reporters who want it.
3. Data protection
- Encryption in transit: All traffic between clients and our Services is protected with TLS.
- Encryption at rest: Data stored with our providers (e.g., Supabase, Vercel) uses provider-managed encryption at rest.
- Access control: Production access is limited to authorized personnel and follows least-privilege principles.
- Secrets management: Credentials and API keys are stored using provider secret management features.
4. Authentication and session security
- Sign-in uses trusted OAuth 2.0 providers (e.g., Google, GitHub).
- Session tokens are scoped and rotated per provider best practices.
- We monitor for suspicious login activity where signals are available.
5. Infrastructure and application security
- Hosting on Vercel with managed network security and DDoS protections.
- Database, auth, and storage provided by Supabase with built-in access controls.
- Rate limiting and input validation to reduce abuse.
- Dependency updates and security patches are applied regularly.
- Logging and monitoring to detect anomalies and errors.
6. Backups and resilience
- Cloud-synced data relies on provider-managed backups and redundancy.
- Local-only data remains on your device; ensure you export it before any device reset.
7. Incident response
If we detect a security incident, we investigate, mitigate impact, and take corrective actions. When required, we will notify affected users and relevant authorities.
8. Your responsibilities
- Use trusted OAuth providers and enable MFA where available.
- Keep your devices and browsers updated.
- Do not share active sessions or export data to untrusted systems.
- Report suspicious activity or vulnerabilities promptly.
- Log out on shared or public machines.
9. Updates to this policy
We may revise this Security Policy. The "Last Updated" date reflects the latest changes. Material changes may also be communicated in-product.
10. Contact
For security concerns, contact security@ozyra.com.