Security Policy

Version: 1.0 | Effective: January 2026 | Updated: January 2026

πŸ›‘οΈ Security Policy

TodoHub

Protecting your data with robust technical and organizational measures

Our Security Commitment

Data security is a fundamental priority. We implement robust measures to protect your information against unauthorized access, loss, or alteration.

1. Security Principles

PillarImplementation
πŸ”’ ConfidentialityAccess restricted to authorized persons
πŸ›‘οΈ IntegrityData protected against changes
πŸ‘οΈ AvailabilityService accessible when needed
πŸ” Privacy by DesignSecurity from conception
⚑ Least PrivilegeMinimum necessary access

2. Infrastructure

2.1 Cloud Providers

ProviderFunctionCertifications
AWSMain infrastructureSOC 1/2/3, ISO 27001, PCI-DSS
Google CloudSpecific servicesSOC 1/2/3, ISO 27001
FirebaseAuthentication & DBSOC 2, ISO 27001

2.2 Data Location

UsersPrimary Region
πŸ‡§πŸ‡· BrazilSΓ£o Paulo (AWS sa-east-1)
πŸ‡ͺπŸ‡Ί EuropeFrankfurt (AWS eu-central-1)
πŸ‡ΊπŸ‡Έ North AmericaN. Virginia (us-east-1)

3. Encryption

3.1 In Transit

TechnologyApplication
TLS 1.3All communications
HTTPSRequired for all connections
Certificate PinningMobile apps
HSTSForce secure connections

3.2 At Rest

TechnologyApplication
AES-256Sensitive data
bcrypt/Argon2Passwords (hashing)
Disk encryptionAll servers
AWS KMSKey management

4. Authentication & Access

4.1 Authentication Methods

MethodAvailability
Email + PasswordStandard
Google Sign-InOAuth 2.0
Apple Sign-InOAuth 2.0
Facebook LoginOAuth 2.0
MFA/2FAOptional (recommended)

4.2 Password Requirements

  • Minimum 8 characters
  • Letters + numbers combination
  • Cannot repeat last 5 passwords
  • Lockout after 5 failed attempts

5. Network & Application Security

MeasureDescription
Firewall (WAF)Web Application Firewall
DDoS ProtectionAWS Shield / Cloudflare
OWASP Top 10All vulnerabilities mitigated
Input ValidationStrict input validation
SQL InjectionParameterized queries
XSS PreventionOutput escape, CSP

6. Backup & Recovery

TypeFrequencyRetention
IncrementalHourly24 hours
DailyDaily30 days
WeeklyWeekly12 weeks
MonthlyMonthly12 months

6.1 Characteristics

  • Encryption: AES-256 on all backups
  • Geo-redundancy: Separate region
  • Testing: Monthly restoration tests
  • RTO: 4 hours (Recovery Time Objective)
  • RPO: 1 hour (Recovery Point Objective)

7. Monitoring & Response

7.1 24/7 Monitoring

CategoryMonitoring
PerformanceLatency, throughput, availability
SecurityAccess attempts, anomalies
ErrorsExceptions, failures, crashes
InfrastructureCPU, memory, disk, network

7.2 Incident Response

LevelResponse
CriticalImmediate (24/7)
High< 1 hour
Medium< 4 hours
LowNext business day

8. Your Responsibilities

Security is a shared responsibility. You should:

  • βœ… Use strong and unique passwords
  • βœ… Enable two-factor authentication
  • βœ… Not share credentials
  • βœ… Log out on shared devices
  • βœ… Keep devices updated
  • βœ… Report suspicious activities

8.1 Report Vulnerabilities

If you discover a vulnerability, contact:

RegionContact
Globalsecurity@todohub.com

Β© 2026 TodoHub - All rights reserved
Document generated in January 2026 - Version 1.0