security.

DRAFT — This document is a working draft and is not legally final. Counsel review is required before public launch.

Reporting a vulnerability

Found a security issue? Email support@sate.fit with the details and steps to reproduce. We read every report and aim to acknowledge within a few business days. Please give us a reasonable chance to fix the issue before disclosing it publicly.

Good-faith research

We will not pursue or support legal action against researchers who act in good faith: who avoid privacy violations and data destruction, do not degrade the service for others, and only interact with accounts they own or have explicit permission to test. We do not currently run a paid bug-bounty program.

How we protect your data

All traffic is encrypted in transit with TLS (HTTPS). Passwords are hashed with bcrypt; we never store raw passwords. Access tokens on iOS live in the system Keychain. Server data is encrypted at rest in managed PostgreSQL, and photos and backups are kept in encrypted object storage. HealthKit data stays on your device by default; you control sync. The website enforces a strict Content-Security-Policy, HSTS, and frame-blocking headers.

Scope

This policy covers sate.fit and the Sate iOS app. The third-party services we rely on (listed in our Privacy Policy) run their own security programs.

Contact

Security questions or reports: support@sate.fit