1. Our Commitment
X-RAY takes the security of its platform and user data seriously. We apply industry-standard practices to protect all data in transit and at rest.
2. Data Protection
All traffic between your browser and our servers is encrypted with TLS 1.2 or higher.
Passwords are never stored in plain text — we use bcrypt hashing with a per-user salt.
IP addresses used for rate-limiting are stored only as SHA-256 hashes.
Uploaded images are retained for a maximum of 30 days and then permanently deleted.
Database credentials, API keys, and secrets are stored as environment variables and never committed to source code.
3. Authentication
We support two-factor authentication (TOTP) for all registered users.
Session tokens are signed with a server-side secret key and expire after inactivity.
Rate limiting is applied to all authentication endpoints to prevent brute-force attacks.
4. Responsible Disclosure
If you discover a security vulnerability, please report it to us at [email protected] before disclosing it publicly.
We ask that you give us reasonable time to investigate and address the issue.
We do not operate a bug bounty program at this time, but we sincerely appreciate responsible disclosure.
5. Contact
Security-related questions and reports can be sent to [email protected].