Sigmora
Sign inOpen Workspace

Security

Security

Authentication

Accounts are secured via Firebase Authentication. Passwords are never stored in plain text. We support email/password and Google sign-in. All sessions use short-lived ID tokens.

Transport

All traffic is encrypted in transit via TLS 1.2+. API routes enforce HTTPS.

Data isolation

Workspace data is scoped per workspace in Firestore. Users cannot access data outside their workspace. All API routes verify workspace membership before returning data.

Payments

Payment processing is handled by Paystack and Polar. We never see or store your card number. Webhook signatures are verified on every event.

Rate limiting

API endpoints are rate limited per IP and per user to prevent abuse. Webhook endpoints use Redis-backed deduplication to prevent replay attacks.

Reporting a vulnerability

If you discover a security issue, please disclose it responsibly by emailing security@sigmora.org. We will respond within 48 hours.