Security

    How Woop AI protects your data and handles responsible disclosure.

    Encryption

    All communications use HTTPS/TLS encryption between your browser and our secure infrastructure.

    Row-Level Security

    Database access is protected so users can only access their own data.

    API Security

    Service credentials are managed centrally and protected behind secure server-side workflows.

    Input Sanitization

    Inputs and generated content are validated and sanitized to reduce abuse risk.

    Secure Authentication

    Authentication is handled with Supabase and Google OAuth support.

    Abuse & DDoS Protection

    Sensitive endpoints require authentication and we recommend deploying behind a CDN/WAF (e.g. Cloudflare) for volumetric DDoS mitigation and bot filtering at the network edge.

    Responsible Disclosure

    If you discover a vulnerability, please use the report form below. Please do not publicly disclose issues until we have investigated and addressed them.

    Submit a security report

    Share detailed reproduction steps so the team can verify and fix the issue quickly.