Security at ByDesign

Your notes, plans, and daily routines are deeply personal—and we treat them that way.

ByDesign is built by a small, principled team that values privacy, transparency, and trust. We’re committed to protecting your data with modern infrastructure, ethical practices, and clear boundaries around access.

🔐 How We Store and Protect Your Data

All your data is stored securely using Google Cloud Firestore and Firebase Authentication. These systems are trusted globally and used by some of the largest apps in the world.

We use:

  • AES-256 encryption at rest

  • TLS 1.2+ encryption in transit

  • Secure data replication and backup across multiple availability zones to prevent loss

Files you upload (e.g., images or documents) are stored in Google Cloud Storage, protected by the same encryption and access controls.

👁️ Who Can See Your Data?

We never access your data unless:

  • You explicitly give us permission (e.g., when debugging a reported issue)

  • It’s legally required (hasn’t happened so far)

Even internally, our access to user data is limited and tracked. We take this seriously and err on the side of not accessing things—even if it would make troubleshooting easier.

We're building ByDesign to treat your data the way we'd want ours treated: with respect, privacy, and control.

🔐 Authentication & Access Control

We support:

  • Email + password login (passwords are hashed and salted)

  • Google, Apple, Microsoft Sign-In via OAuth 2.0 (we never see or store your Google credentials)

In the future, we plan to support additional security features like:

  • Two-factor authentication (2FA)

  • Session management tools

  • Admin roles for teams and shared workspaces

💾 Backups & Data Recovery

Data stored in Firebase is automatically backed up by Google infrastructure. We also run regular internal backups to ensure your tasks, pages, and workspace content are safe—even in the rare case of a failure.

Coming soon: manual backup/export options you can trigger anytime.

🔍 Are You GDPR Compliant?

Not yet. But here’s what we are:

  • We’re a privacy-first team—our users’ trust matters more than metrics.

  • We don't sell, rent, or use your data for advertising.

  • We minimize what we store, and we keep it secure.

  • We are transparent about what we collect and why.

GDPR compliance is on our roadmap, and we’re actively working toward it. Until then, if you have specific needs around data handling, email us at support@bydesign.app and we’ll do our best to support you.

🛠️ Found a Vulnerability? Let Us Know

If you spot something that looks off—or find a potential vulnerability—we’d love to hear from you. Security is a team sport.

Report a vulnerability →

📃 More Resources