Security

Learn about our comprehensive security measures and how we protect your data on the OneNoughtOne platform.

Last updated: December 16, 2024

1Our Security Commitment

At OneNoughtOne, security is fundamental to everything we do. We are committed to protecting your data and maintaining the trust you place in us. This page outlines our security practices, measures, and your role in keeping your account secure.

We continuously invest in security improvements and stay up-to-date with the latest security best practices and emerging threats.

2Data Protection

Encryption at Rest & in Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit.

Our data protection measures include:

  • End-to-end encryption for sensitive data transmission
  • Encrypted database storage with automatic key rotation
  • Secure backup systems with encrypted storage
  • Regular security audits and penetration testing
  • Data minimization—we only collect what we need

3Infrastructure Security

Enterprise-Grade Infrastructure

Hosted on Vercel with SOC 2 Type II compliance.

Our infrastructure is designed with security in mind:

  • Hosted on enterprise-grade cloud infrastructure
  • Distributed denial-of-service (DDoS) protection
  • Web Application Firewall (WAF) protection
  • Automatic security updates and patching
  • Geographic redundancy for high availability
  • Network isolation and segmentation

4Authentication & Access Control

Secure Authentication

Industry-standard OAuth 2.0 with secure session management.

We implement robust authentication measures:

  • Secure password hashing using bcrypt with strong salt
  • OAuth 2.0 integration with trusted providers (Google, GitHub)
  • Session tokens with automatic expiration
  • Protection against brute force attacks
  • Secure password reset procedures

5Security Monitoring

24/7 Monitoring

Continuous monitoring for threats and anomalies.

Our security monitoring includes:

  • Real-time threat detection and alerting
  • Automated anomaly detection
  • Comprehensive logging and audit trails
  • Regular log analysis and review
  • Incident response procedures

6Vulnerability Reporting

Responsible Disclosure

We appreciate security researchers who help keep our platform safe.

If you discover a security vulnerability, please report it to us responsibly:

  • Email security issues to: security@onenoughtone.com
  • Include detailed steps to reproduce the vulnerability
  • Allow reasonable time for us to address the issue
  • Do not access or modify other users' data
  • Do not perform actions that could harm our users or service

We are committed to working with security researchers and will acknowledge valid reports promptly.

7Security Best Practices for Users

Protect Your Account

Follow these recommendations to keep your account secure.

Help keep your account secure by following these best practices:

  • Use a strong, unique password for your account
  • Never share your password or account credentials
  • Be cautious of phishing attempts—we will never ask for your password via email
  • Keep your devices and browsers updated
  • Log out from shared or public computers
  • Review your account activity regularly
  • Report any suspicious activity immediately

8Contact Security Team

For security-related inquiries or to report a vulnerability, please contact our security team:

  • Security Issues: security@onenoughtone.com
  • General Inquiries: support@onenoughtone.com

For urgent security matters, please include "URGENT" in your email subject line.