Security & Data Protection

Your privacy and data security are our top priorities. Here’s how Snaps.Digital keeps your event photos safe at every step.

Encryption in Transit

All data in transit is protected with TLS 1.3 encryption. Files and communications between your browser and our servers are encrypted using industry-standard protocols.

Data Encryption at Rest

We encrypt your OAuth tokens and folder metadata with AES-256-GCM before storing them. Your photos are saved directly to your own Google Drive or OneDrive, under your account, without passing through third-party servers.

Secure OAuth Flow

We use Google's and Microsoft's official OAuth 2.0 flows. Access and refresh tokens are handled securely, with token validation and automatic refresh.

CSRF & Session Protection

We protect your account with CSRF tokens on all forms, secure, HTTP-only cookies set with SameSite=Lax, and session ID rotation upon authentication.

Rate Limiting & Brute Force Defense

We enforce rate limits per IP and per session, and return responses with consistent timing, to thwart brute-force attacks and abusive traffic.

Direct-to-Cloud Storage

Uploaded photos go directly into your cloud storage (Google Drive or OneDrive). We never store or cache your files on our servers.

Additional Safeguards

We’ve implemented extra measures to ensure your data remains secure and private.

Strict CSP

Content Security Policy locked to trusted domains to prevent resource injection.

Permissions Policy

Browser features (camera, microphone) limited to authorized contexts only.

Security Audits

Regular code reviews and tests to proactively identify vulnerabilities.

Questions?

If you have any security-related questions or concerns, feel free to contact our support team. We’re here to help!