Security Policy

1. Passwordless Access

We do not collect or store passwords. You log in via a single-use secure link sent to your email. Because we do not keep a database of passwords, there are no credentials that can be stolen or leaked.

2. Managed Hosting

Our application runs on managed cloud infrastructure where operating system updates and security patches are applied automatically. All data is stored securely on servers located in the European Union.

3. Data Minimization

We only ask for your name and email address when you sign up. Data from monthly editions and deleted circles is permanently removed from our database and storage on a rolling basis, so there is less to protect and less that could be exposed in the unlikely event of a breach.

4. Payment Security

All subscription payments are processed securely by our payment provider, Mollie. Your payment data (such as credit card or bank details) is sent directly to Mollie and never touches our servers.

5. Code Monitoring

We regularly scan our software libraries and code for known security issues, allowing us to identify and patch vulnerabilities before they can be exploited.

6. Application Security

Our software is built using standard, modern frameworks that block common web attacks by default. This includes protection against unauthorized data submissions, database tampering, and malicious script insertion.

7. Reporting Security Issues

If you believe you have found a security vulnerability in DearAll, please report it directly by emailing [email protected].