Security

Infrastructure

• Our application is hosted on Vercel, which provides enterprise-grade infrastructure with automatic SSL/TLS encryption for all traffic.
• Our database and authentication services run on Supabase, which provides row-level security, encrypted connections, and regular security audits.
• All data in transit is encrypted via HTTPS (TLS 1.2+).
• All data at rest is encrypted using AES-256 encryption.

Authentication

• We use Google OAuth via Supabase Auth for sign-in. We never store your Google password.
• Session tokens are managed securely using HTTP-only cookies.
• Authentication state is validated on both the client and server side.

Payment Security

• All payments are processed through Stripe, a PCI DSS Level 1 certified payment processor.
• We never store, process, or have access to your full credit card number.
• Stripe handles all sensitive payment data in their secure environment.

Code Execution

• Code you write in the editor runs entirely in your browser using Pyodide (a WebAssembly-based Python runtime).
• Your code is never sent to our servers for execution.
• Code execution is sandboxed within a Web Worker, isolated from the main page and other browser tabs.

AI and Data Processing

• When you use AI-powered features (hints, explanations, code feedback), your code and prompts are sent to OpenAI for processing.
• We use OpenAI's API, which does not use your data to train their models.
• AI interactions are not stored long-term beyond what is needed to provide the feature.

Responsible Disclosure

If you discover a security vulnerability in LeetLockin, we appreciate your help in disclosing it responsibly. Please email us at hello@leetlockin.com with details of the vulnerability. We will acknowledge your report within 48 hours and work to resolve the issue promptly.

Questions

If you have questions about our security practices, contact us at hello@leetlockin.com.