We are dedicated to maintaining the highest security standards for your travel packing profiles and sync data. This page outlines the specific encryption, authentication, and hosting protocols used by PackPilot.
1. Data Encryption in Transit
When you sync your travel checklists or query Pico's digital packing guidelines, all data transmitted between the PackPilot mobile app and our servers is encrypted using Secure Sockets Layer (SSL) and Transport Layer Security (TLS 1.2 or 1.3) protocols. This prevents intercept risks or eavesdropping on networks (including public airport Wi-Fi).
2. Secure Cloud Hosting (Supabase)
Our cloud database is hosted securely by Supabase using enterprise-grade, firewalled PostgreSQL database instances. Access to these database records is strictly gated by Row Level Security (RLS) policies, ensuring that each user can only read, modify, or delete their own data.
3. Account Authentication & Security
We use industry-standard JSON Web Token (JWT) credentials to handle login sessions securely. When you sign in using email/password or Google OAuth, your password is encrypted and hashed securely before reaching our verification API, ensuring that no raw passwords are ever stored or exposed.
4. On-Device Sandbox Protection
For users running PackPilot offline without a cloud account, all checklists are stored locally inside the application's private sqlite database sandbox. Android OS keeps these sandboxes private, meaning other apps installed on your phone cannot view, modify, or leak your PackPilot checklist data.
5. Reporting Vulnerabilities
If you discover any security issues or vulnerabilities in our infrastructure, we encourage responsible disclosure. Please contact our core developer security team immediately at support@welltide.app. We prioritize reviewing and mitigating reports within 48 hours.