Security & Data Protection
Your privacy and data security are our top priorities. Here’s how Snaps.Digital keeps your event photos safe at every step.
End-to-End Encryption
All data in transit is protected with TLS 1.3 encryption. Files and communications between your browser and our servers are encrypted using industry-standard protocols.
Data Encryption at Rest
We encrypt your OAuth tokens and folder metadata with AES-256-GCM before storing them. Your photos are saved directly to your own Google Drive or OneDrive, under your account, without passing through third-party servers.
Secure OAuth Flow
We use Google's and Microsoft's official OAuth 2.0 flows. Access and refresh tokens are handled securely, with token validation and automatic refresh.
CSRF & Session Protection
We implement CSRF tokens on all forms, use secure, HTTP-only cookies with SameSite=Lax, and rotate session IDs upon authentication to protect your account.
Rate Limiting & Brute Force Defense
We enforce rate limits per IP and per session, and keep response timing consistent, to thwart brute-force attacks and abusive traffic.
Direct-to-Cloud Storage
Uploaded photos go directly into your cloud storage (Google Drive or OneDrive). We never store or cache your files on our servers.
Additional Safeguards
We’ve implemented extra measures to ensure your data remains secure and private.
Strict CSP
Content Security Policy locked to trusted domains to prevent resource injection.
Permissions Policy
Browser features (camera, microphone) limited to authorized contexts only.
Security Audits
Regular code reviews and tests to proactively identify vulnerabilities.
Questions?
If you have any security-related questions or concerns, feel free to contact our support team. We’re here to help!