Legal

Security

What protects your account and your data.

Infrastructure

Hosted on Cloudflare Workers — TLS everywhere, automatic DDoS mitigation.
Data in Cloudflare D1 (SQLite). Encrypted at rest by Cloudflare.
Secrets stored via Wrangler secret bindings, never committed to source.

Authentication

Google OAuth via Better Auth — we never see your Google password.
Session tokens are HTTP-only cookies, signed and encrypted.
All session-scoped routes require an active session.

Payments

We do not store payment cards. All billing flows go through Polar (our payment processor). Webhook signatures are HMAC-verified before any state change.

Disclosure

Found a vulnerability? Email hello@geondex.com with details. We'll respond within 72 hours and credit you publicly with permission.

Status

Live service status: see /status.