Security
Plain language about how your account and data are protected.
No passwords to steal
Sign-in runs entirely through Google or GitHub OAuth. URCOSMO never sees or stores a password for you — there is no password database to breach.
Your data is scoped to you
Every record in URCOSMO is tied to your user account, and every database query is filtered by that account on the server. There is no code path through which one user can read another user's data — not through the app, not through the API.
Encryption
All traffic runs over HTTPS/TLS. Your most sensitive content — journal entries, reflections, note bodies, contact notes — is additionally encrypted at rest with AES-256-GCM before it is written to the database, with keys held only on the server. Database-level at-rest encryption is provided by our managed Postgres host.
Private file storage
Uploaded files (documents, note attachments, images) are stored in a private object-store bucket that is not publicly listable. Files are only reachable through short-lived, signed URLs generated for the signed-in owner.
The data export endpoint
The personal data export (/api/ai/export) is the most sensitive endpoint on the platform, so it is held to the strictest rules: it requires a valid authenticated session, identifies you through your verified sign-in identity (never a client-supplied id), is rate-limited, and only ever returns the signed-in user's own data.
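The rules above, sketched as an added example. This is not URCOSMO's code: the session table, the record rows, the limiter settings and every function name are assumptions made for illustration.

```javascript
// Added illustration. All names are hypothetical and all data is constructed.
const RECORDS = [
  { ownerId: "user-a", kind: "note", body: "A's note" },
  { ownerId: "user-b", kind: "journal", body: "B's journal" },
  { ownerId: "user-a", kind: "contact", body: "A's contact note" },
];

// Constructed session table: opaque session token -> verified user id.
// In a real deployment this mapping comes from the OAuth sign-in.
const SESSIONS = new Map([
  ["sess-a", "user-a"],
  ["sess-b", "user-b"],
]);

// Fixed-window rate limiter keyed by the verified user id.
function makeLimiter(maxRequests, windowMs) {
  const windows = new Map();
  return function allow(userId, now) {
    const w = windows.get(userId);
    if (!w || now - w.start >= windowMs) {
      windows.set(userId, { start: now, count: 1 });
      return true;
    }
    w.count += 1;
    return w.count <= maxRequests;
  };
}

// Export handler. req = { sessionToken, query, now }.
function handleExport(req, allow) {
  // 1. Require a valid authenticated session.
  const userId = SESSIONS.get(req.sessionToken);
  if (!userId) return { status: 401, body: null };

  // 2. Rate-limit per verified identity.
  if (!allow(userId, req.now)) return { status: 429, body: null };

  // 3. req.query.userId is never read: the owner filter uses only the
  //    identity taken from the session, so a client-supplied id has no effect.
  const rows = RECORDS.filter((r) => r.ownerId === userId);
  return { status: 200, body: rows };
}
```

A request from `sess-a` that carries `query.userId = "user-b"` still receives only `user-a` rows, because the filter never consults the query.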
Responsible disclosure
Found a vulnerability? We want to hear about it. Email [email protected] with details and we'll respond as quickly as we can. Please give us reasonable time to fix an issue before public disclosure.