NEWSIE: DeFi Safety Intelligence

Legal & Compliance

Transparency is core to our mission. These documents explain how we handle your data, what you agree to when using Newsie, and how we keep the platform secure.


Security

How we protect your data and keep the platform secure

Last updated: February 22, 2026

Our Security Philosophy

As a platform that helps users evaluate DeFi security, we hold ourselves to the highest standards. We practice defense-in-depth: multiple layers of security controls so that no single failure can compromise user data. We never store what we do not need, we encrypt data in transit and at rest, and we hash passwords before storing them. We will never ask for your private keys or wallet seed phrases.

Security Status

  • Infrastructure SOC 2: Covered by Vercel
  • Database Encryption: AES-256 at rest
  • Password Hashing: bcrypt (cost 12)
  • Transport Security: TLS 1.3
  • Dependency Scanning: Weekly (Dependabot)
  • CI Security Audit: Every PR

Encryption

  • All data in transit is encrypted via TLS 1.3
  • Passwords are hashed with bcrypt (cost factor 12) before storage
  • Database connections use SSL/TLS encryption
  • Session tokens are cryptographically signed HTTP-only cookies

Data Protection

  • All database queries use parameterized statements to prevent SQL injection
  • User input is validated and sanitized at the API boundary using Zod schemas
  • Sensitive data fields are never logged or exposed in error messages
  • Database access is restricted via connection pooling with role-based permissions

Authentication & Authorization

  • Secure session management with HTTP-only, SameSite cookies
  • Account lockout after repeated failed login attempts
  • API rate limiting per user and per IP to prevent abuse
  • Role-based access control for admin functions

Infrastructure

  • Hosted on Vercel's SOC 2 Type II compliant infrastructure
  • Database hosted on Neon's serverless PostgreSQL with automatic encryption at rest
  • Edge network deployment for DDoS mitigation and global availability
  • Automatic SSL certificate management and renewal

Code Quality

  • TypeScript strict mode with all safety flags enabled
  • ESLint with DeFi-specific rules (blocks unsafe numeric operations on financial amounts)
  • Automated CI pipeline: lint, typecheck, test (70% coverage threshold), build, security audit
  • Dependency vulnerability scanning via Dependabot with weekly automated security PRs
  • Conventional Commits enforced via commitlint and Husky pre-commit hooks

Monitoring & Incident Response

  • Real-time error tracking and alerting via Vercel monitoring
  • Automated health checks on all API endpoints
  • Structured logging for security-relevant events (login attempts, privilege escalation)
  • Incident response plan with defined severity levels and escalation procedures

Responsible Disclosure

If you discover a security vulnerability in Newsie, we ask that you report it responsibly. Please do not publicly disclose the vulnerability until we have had a chance to address it.

Email: security@newsie.tech

Response time: We aim to acknowledge reports within 48 hours and provide a resolution timeline within 7 days.

Scope: All Newsie web properties (newsie.tech), API endpoints, and authentication systems.

What We Will Never Do

  • Ask for your wallet private keys or seed phrases
  • Request your password via email, chat, or phone
  • Store credit card numbers on our servers (handled by Stripe)
  • Sell your personal data to third parties or advertisers
  • Access your wallet or initiate transactions on your behalf
  • Share your analysis history with other users without your consent