Security
Before launch: every claim below must be verified against the live system before publishing. Security claims are the easiest thing on a marketing site to get sued over. In particular: do not claim a certification, audit or penetration test you have not actually had.
Shadow Forge holds your tool library and your drawer designs. Here is how that is protected.
1. Architecture
The parts of Shadow Forge that generate geometry run entirely in your browser. Photographs are processed, tools traced, and DXF/STL/PDF written on your own machine. The server side exists to store your account and sync your library — not to do the work.
This is a deliberate design choice, and it is the strongest security property we have: data that is never transmitted cannot be intercepted, and data we never hold cannot be breached from us.
2. Data isolation
Our database enforces row-level security. Access rules are applied by the database itself on every query, so one account physically cannot read another account's rows — it does not depend on the application layer remembering to filter.
3. Encryption
All traffic is encrypted in transit with TLS. Data at rest is encrypted by our infrastructure provider.
4. Authentication
Passwords are hashed by our authentication provider — we never store or see them in plaintext, and we cannot recover one for you. Password reset runs through a signed, time-limited link sent to your email.
The publishable API key shipped in the client is public by design; it grants nothing on its own, because row-level security governs access. Privileged keys and payment secrets are held only in server-side function secrets and are never exposed to the browser.
5. Payments
Payments run through Stripe. Card details go from your browser to Stripe directly — they do not pass through, and are not stored on, our servers. We can see the last four digits and the card brand, which is all we need to show you what is on file.
6. Reporting a vulnerability
If you find a security issue, please tell us before you tell anyone else, and give us a reasonable window to fix it. Contact us with the details and steps to reproduce. We will not pursue legal action against researchers acting in good faith who do not access other users' data or degrade the Service.
Before launch: publish a dedicated security contact address, and decide whether you are offering a bug bounty. "Contact us" is a weak channel for a vulnerability report.
