Security

Security is the product, so we hold ourselves to it. Here's how GhostCred handles your data.

Secret redaction

Detected secret values are truncated to the first four characters before storage or display. We never persist full credential values.

Data protection

All traffic is encrypted in transit (TLS). Reports are stored in a private bucket and served only through short-lived signed links. Database access is governed by row-level security; privileged operations run server-side only.

Responsible disclosure

Found a vulnerability? We want to hear about it. Email support@ghostcred.io and we'll respond promptly.