Security

Our Commitment to Security

Security and privacy are fundamental to FlowSpace. We employ industry-standard security practices to protect your data and ensure the integrity of our services.

Security Measures

• Local-First Architecture: All user data stays on your device
• End-to-End Encryption: Data is encrypted at rest using macOS FileVault
• HTTPS Only: All connections use TLS 1.3 encryption
• Content Security Policy: Strict CSP headers prevent XSS attacks
• Rate Limiting: API endpoints are protected against abuse
• Input Validation: All user inputs are sanitized and validated
• Regular Audits: Automated dependency scanning and security reviews

Responsible Disclosure

We appreciate security researchers and users who help us maintain the security of FlowSpace. If you discover a security vulnerability, please report it responsibly.

How to Report

Please email security details to: hello@flowspace.app

Include in your report:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact and severity
• Your contact information (for follow-up)

Our Response

• We will acknowledge receipt within 48 hours
• We will provide regular updates on our progress
• We will credit you in our security acknowledgments (if desired)
• We will notify you when the issue is resolved

Security Best Practices for Users

• Keep macOS updated to the latest version
• Enable FileVault encryption on your Mac
• Use a strong password for your Mac account
• Enable two-factor authentication where available
• Regularly back up your data using Time Machine
• Download FlowSpace only from official sources (Mac App Store, TestFlight)

Security Acknowledgments

We thank the following individuals for responsibly disclosing security vulnerabilities:

(No vulnerabilities have been reported yet)

Contact

For non-security inquiries, please contact: hello@flowspace.app