We take the security of your data seriously. Here's how we protect your information and what we do to keep Sleekbio safe.
All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). This ensures that your information cannot be intercepted or tampered with during transmission.
We never store your password in plaintext. All passwords are hashed using bcrypt with unique per-user salts before storage. Even in the event of a database breach, your actual password cannot be recovered.
We use industry-standard authentication powered by NextAuth.js. Sessions are managed with secure, signed JWTs. We support Google OAuth for convenient, secure sign-in without sharing passwords.
Our application is hosted on modern cloud infrastructure with automatic scaling, redundancy, and DDoS protection. Database connections are encrypted via TLS, and file storage is managed through Supabase with secure access controls.
Organization workspaces use role-based access control (RBAC) with Owner, Admin, and Member roles. Each role has carefully scoped permissions ensuring members can only access the resources appropriate to their level.
All payments are processed by Paystack, a PCI DSS Level 1 compliant payment processor. We never store your full card number or bank details on our servers. Only transaction references and payment statuses are retained.
We collect only the information necessary to provide the Service. Page analytics are aggregated and anonymized — we track page views and link clicks as counts, not individual visitor identities. We do not use third-party tracking pixels or advertising cookies.
All accounts require email verification via a one-time password (OTP) sent to your registered email. This prevents unauthorized account creation and ensures you have control of the email address associated with your account.
Profile images and banners uploaded to Sleekbio are processed server-side with format validation, converted to optimized formats, and stored in isolated cloud storage buckets with access controls. Original filenames are never preserved — files are renamed to prevent path traversal attacks.
We regularly audit and update our dependencies to patch known vulnerabilities. Our codebase uses locked dependency versions to prevent supply chain attacks from unexpected package updates.
All user inputs are validated and sanitized on the server side. We use parameterized queries through our ORM (Prisma) to prevent SQL injection. React's built-in XSS protections are active on all rendered content.
If you discover a security vulnerability in Sleekbio, we encourage responsible disclosure. Please report it to us directly so we can address it before any public disclosure.
Report a Vulnerability
Email: security@sleekb.io
Please include a detailed description of the vulnerability, steps to reproduce it, and any supporting evidence (screenshots, logs, etc.). We commit to acknowledging your report within 48 hours and providing regular updates on our remediation progress.
Security is a shared responsibility. Here are steps you can take to protect your account: