Security
Security at SmartCon360 isn't a bolt-on feature; it's part of the architecture. Here we transparently describe the core measures we take to protect your data.
Environment isolation
Development and production environments are fully isolated: they use separate databases and separate secrets. Development work, preview deployments and database migrations never touch production data.
Encryption & authentication
- All traffic is encrypted in transit with HTTPS/TLS.
- Passwords of users who register with a password are stored only as a hash; we never see the plaintext.
- Sessions are managed with signed tokens (JWT); each environment uses its own strong, dedicated signing key, and production never runs with a default or weak secret.
Least privilege
For third-party integrations we request only the minimum scope needed. For the Google Drive integration we use the drive.file scope: it accesses only files the app creates or that you explicitly select — it does not read the rest of your Drive. You can revoke access at any time.
Infrastructure
The application is hosted on Vercel; data is stored on managed Neon PostgreSQL. These providers offer industry-standard practices for backups and infrastructure security. We list our subprocessors in the Privacy Policy.
Your data is yours
The data you enter into your projects belongs to you. We do not use it for advertising and we do not sell it; we process it only to provide the Service. Your rights to access, export and delete are described in the Privacy Policy.
Responsible disclosure
If you believe you have found a security vulnerability, please report it to contact@yukselarslan.com before disclosing it publicly. We review reports seriously and respond within a reasonable time. We thank good-faith security researchers.