How We Protect Your Data
Security and privacy are built into every aspect of SoulLytics. Here's how we keep your information safe.
Encryption in Transit
All data is transmitted using TLS 1.3 encryption
Encryption at Rest
Database and file storage use AES-256 encryption
Secure Headers
CSP, HSTS, and other security headers implemented
Regular Backups
Encrypted backups with 30-day retention
Principle of Least Privilege
Systems only access data they absolutely need
Multi-Factor Authentication
All admin access requires 2FA
Audit Logging
All data access is logged and monitored
Regular Access Reviews
Quarterly reviews of all system permissions
Steam OAuth Permissions
When you connect your Steam account, we only request basic identity information.
What We Request:
- Steam ID (public identifier)
- Display name
- Avatar image
What We Don't Request:
- Email address
- Real name
- Friends list
- Game library
- Purchase history
Hosting Security
- SOC 2 Type II compliant hosting
- DDoS protection and mitigation
- Network isolation and firewalls
- 24/7 security monitoring
Development Security
- Automated security scanning
- Dependency vulnerability checks
- Code review requirements
- Secure development lifecycle
Security Researchers Welcome
We believe in working with the security community to keep SoulLytics safe. If you discover a security vulnerability, please report it responsibly.
Reporting Process:
- Email security@soullytics.com with details
- Include steps to reproduce the issue
- Allow us 90 days to investigate and fix
- We'll credit you in our security acknowledgments
Please Don't:
- Access or modify user data
- Perform destructive testing
- Publicly disclose before we've had time to fix
Stay Informed
We'll notify users of any security updates or incidents that may affect their data.