How we keep you safe

Signatures are generated in your browser using the Web Crypto API. Your original files never leave your machine, which means the worst-case impact of a breach on our side cannot include leaked content.

We support email and password sign-in and Google sign-in. Passwords are checked against known breach databases at signup. Sessions are bound to a secure, httpOnly token issued by our identity provider.

Every record in our database is scoped to its owner with row-level security policies. Your signatures, takedowns, and account metadata are only readable by you (and our on-call engineers under controlled break-glass procedures).

We run on managed cloud infrastructure with encryption in transit (TLS 1.2+) and encryption at rest. Backups are encrypted and retained on a rolling 30-day window.

Found something? Email security@contenter.app with a description and reproduction steps. We acknowledge reports within two business days and credit responsible disclosure when requested.