Vulcaro
Start $1 Trial

Security

How we protect your data and what to do if you find a vulnerability.

Security Practices

🔒

Encryption in Transit

All data transmitted between your browser and Vulcaro is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints.

🗄️

Encryption at Rest

User data stored in our Cloudflare D1 database is encrypted at rest by default using AES-256.

🌐

Edge-Native Infrastructure

Vulcaro runs on Cloudflare Workers and Pages — globally distributed infrastructure with built-in DDoS protection and WAF.

🔑

Authentication

User passwords are hashed using bcrypt before storage. Authentication tokens are short-lived JWTs signed with a secure secret.

🛡️

Access Controls

User data is scoped per account. No user can access another user's projects, content, or settings. Admin access is strictly controlled.

🔍

Third-Party Audits

We rely on infrastructure providers (Cloudflare) that undergo regular independent security audits and hold industry certifications.

Infrastructure

Vulcaro is built on Cloudflare's edge network:

  • Cloudflare Pages — Next.js frontend with global CDN distribution
  • Cloudflare Workers — serverless API runtime with no persistent server to attack
  • Cloudflare D1 — SQLite database with encryption at rest
  • Cloudflare R2 — object storage for media assets

We do not run our own servers, VMs, or managed databases. The attack surface is minimal by design.

Data Retention & Deletion

When you delete your Vulcaro account, all associated personal data — including projects, content, keywords, and analytics — is permanently deleted from our systems within 30 days.

Anonymized, aggregated usage statistics may be retained for product improvement purposes.

Responsible Disclosure

If you discover a security vulnerability in Vulcaro, please report it to us privately before disclosing it publicly. We commit to:

  • Acknowledging your report within 48 hours
  • Providing a fix timeline within 7 business days of confirming the issue
  • Crediting researchers who report valid vulnerabilities (with permission)
Report a Vulnerability

security@vulcaro.com

Questions?

For general security questions, contact us at security@vulcaro.com. For privacy-related questions, see our Privacy Policy or GDPR page.