Account protection
Passwords are stored using a one-way, salted password hash. Sessions use secure, HTTP-only cookies in production.
Project credentials
Optional credentials stored for a project are encrypted before being written to the database. Use a dedicated test account with the minimum privileges required for the demo.
Access and operations
We limit access to production systems and use managed infrastructure controls. We monitor the service for failures and abuse and apply security updates as part of normal operations.
Reporting a vulnerability
Do not publicly disclose a suspected vulnerability before we have had a reasonable opportunity to investigate it. Send a concise report to support@moeby.app with enough detail for us to reproduce the issue.