Legal

Security Policy

Last updated: December 28, 2025

1. Overview

Security is a top priority at TourneyPilot. We are dedicated to ensuring that your tournament data remains safe, secure, and available. This policy outlines our security practices and how we protect your information.

2. Data Encryption

2.1 In Transit

All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher). This ensures that your data remains private and secure while moving across the internet.

2.2 At Rest

For cloud-synced tournaments, we use Supabase as our backend provider. All data stored in our database is encrypted at rest using industry-standard AES-256 encryption.

3. Local-First Security

TourneyPilot is designed with a "Local-First" architecture. This provides unique security benefits:

  • Data Ownership: By default, your tournament data lives primarily in your browser's filtered storage. It never leaves your device unless you explicitly choose to sync it.
  • Offline Access: You can access your data even without an internet connection, reducing dependency on external servers.

4. Authentication & Authorization

We use robust authentication mechanisms to secure access to your account:

  • Secure Login: We use Supabase Auth for user authentication, which follows industry best practices for session management and password security.
  • Access Controls: Strict access controls are in place to ensure that only you can modify your tournament data. Read-only links provide safe public access for spectators.

5. Vulnerability Reporting

We welcome reports from security researchers. If you believe you have found a vulnerability in TourneyPilot, please report it to us at security@tourneypilot.com. We will investigate all reports and work to resolve any confirmed issues promptly.

6. Reliable Infrastructure

Our infrastructure is built on world-class providers (Vercel, Supabase) that comply with major security certifications (SOC 2, ISO 27001). This ensures high availability and resilience against threats.

7. Contact Us

If you have any questions or concerns regarding our security practices, please contact us at security@tourneypilot.com.