Security Policy

1. Reporting a Vulnerability

If you discover a security issue, please report it privately by emailing [support@sidetracking.app](mailto:support@sidetracking.app). We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.

We aim to acknowledge receipt within 48 hours and provide an initial assessment within 5 business days. We will keep you informed of progress throughout the resolution process.

2. Systems in Scope

This security policy covers the following systems:

Third-party vendor infrastructure (Supabase, Stripe, Vercel, Sentry) is out of scope unless the issue is caused by SideTrack's integration or configuration of those services.

3. Security Posture

SideTrack employs the following safeguards:

These measures are designed to protect data in transit and at rest. No internet-connected system can guarantee perfect security, but we are committed to maintaining strong protections and responding promptly to any issues.

4. Payment Security

SideTrack uses Stripe for all payment processing. Credit card numbers, security codes, and bank account details are handled entirely by Stripe and are never stored by SideTrack. Stripe maintains PCI DSS Level 1 certification and its own security practices apply to payment data.

5. Contact

For security-related inquiries, email [support@sidetracking.app](mailto:support@sidetracking.app).

SideTrack

Bryan, TX 77803

United States