Security
How we keep your account and data safe.
Last updated: May 29, 2026
Authentication
Sign-in is passwordless via single-use magic links sent to authorized email addresses. There are no passwords to leak, links expire quickly and can only be used once, and sessions are stored in signed, http-only cookies.
Data in transit & at rest
All traffic is served over HTTPS. Data is stored with established cloud providers (hosting, key-value cache, and database) that maintain industry-standard security controls.
Access control
The tool is gated to authorized operators only; access is scoped by an allowlist. Inputs are validated server-side, and queries are parameterized to prevent injection.
Abuse protection
Sign-in requests are rate-limited, and responses are constant-time so account existence can't be probed.
Reporting a vulnerability
Found something? Please email security@revarity.com with details. We appreciate responsible disclosure and will respond quickly.