Security
Your habits are personal, and we treat them that way. Here is a plain-English overview of how Streak Mode protects your account and data.
Encryption in transit
Every connection to Streak is served over HTTPS with TLS. Your data is encrypted between your browser and our servers, so it cannot be read in transit.
Password protection
Passwords are never stored in plain text. We hash them with bcrypt, a slow, salted algorithm designed to resist brute-force attacks. We literally cannot see your password.
Payment security
All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. Your full card number never touches our servers — we only store a customer reference and your subscription status.
Infrastructure
Streak runs on Vercel with a managed PostgreSQL database. Both are industry-standard platforms with hardened, access-controlled infrastructure and regular security patching.
Access controls
Your habits and account data are scoped to your authenticated session. Access to production systems is limited to what is required to operate the service.
Responsible disclosure
If you discover a security vulnerability, we want to hear about it. Report it privately and we will investigate and respond as quickly as we can.
Reporting a vulnerability
If you believe you have found a security issue in Streak, please email milesschwartz13@gmail.com with the details and steps to reproduce. Please give us a reasonable window to address the issue before any public disclosure. We appreciate the security community’s help in keeping Streak safe.
Your part
Security is a shared responsibility. Use a strong, unique password (or sign in with Google), keep your device secure, and log out on shared computers. For more on what we collect and why, see our Privacy Policy.