Home/Docs/Security & data protection
Deploy & ops · 4 min read

Security & data protection

Field-level encryption at rest, hardened passwords and sessions, and a straight answer on E2EE.

Linebook holds customer and financial data, so security is built in rather than bolted on. The essentials:

Sensitive customer fields — email, phone, brief — are AES-256-GCM encrypted at rest, with the key held outside the database.
Passwords are scrypt-hashed with a server-side pepper; logins are rate-limited.
Every response carries a Content-Security-Policy and the standard security headers.
Queries are scoped per store server-side, so tenant isolation holds even against a hand-crafted URL.
NoteBefore real use: rotate the four secrets, replace the seeded demo accounts, switch to HTTPS with secure cookies, and keep the admin console off any public tunnel. The full hardening checklist lives in the repo's SECURITY.md.
Security & data protection — Linebook docs