Security & Data Protection
Last updated: 2026-07-01
Bommel is engineered to protect your data with controls modeled on financial-industry standards. This page summarizes our approach.
Encryption
- In transit: all network traffic is encrypted with TLS 1.2+.
- At rest: managed cloud storage (Google Firestore) is encrypted at rest with AES-256.
- Client-side, zero-knowledge backups: you can export a backup that is encrypted on your device with AES-256-GCM, using a key derived from your passphrase via PBKDF2-HMAC-SHA-256 (310,000 iterations, unique per-file salt and IV). The passphrase never leaves your device and is never stored. If it is lost, the backup cannot be recovered.
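The backup scheme described above, sketched as an added example (not Bommel's own code) using Node's built-in crypto module so it runs offline. The byte layout salt | IV | tag | ciphertext, the field sizes and all function names are assumptions; only the algorithms and the iteration count come from this page.

```javascript
// Added example, not Bommel's code. Assumed layout: salt(16) | iv(12) | tag(16) | ciphertext.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 310000; // PBKDF2-HMAC-SHA-256 iteration count stated on this page
const SALT_LEN = 16;       // assumed
const IV_LEN = 12;         // assumed (the usual GCM nonce size)
const TAG_LEN = 16;        // assumed (full-length GCM tag)
const HEADER_LEN = SALT_LEN + IV_LEN + TAG_LEN;

// Stretch the passphrase into a 32-byte AES-256 key, bound to this file's salt.
function deriveKey(passphrase, salt) {
  return pbkdf2Sync(passphrase, salt, ITERATIONS, 32, 'sha256');
}

// A fresh salt and IV per file means the same passphrase never reuses a key/nonce pair.
function encryptBackup(passphrase, plaintext) {
  const salt = randomBytes(SALT_LEN);
  const iv = randomBytes(IV_LEN);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(Buffer.from(plaintext, 'utf8')), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Throws if the passphrase is wrong or any byte of the file was modified.
function decryptBackup(passphrase, blob) {
  if (blob.length < HEADER_LEN) throw new Error('backup file is truncated');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, HEADER_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() verifies the tag; nothing is returned unless authentication succeeds.
  const plain = Buffer.concat([decipher.update(blob.subarray(HEADER_LEN)), decipher.final()]);
  return plain.toString('utf8');
}

// Convenience wrapper: null instead of an exception on any failure.
function tryDecrypt(passphrase, blob) {
  try {
    return decryptBackup(passphrase, blob);
  } catch {
    return null;
  }
}
```

Because the key exists only as a function of the passphrase and the per-file salt, a wrong passphrase and a tampered file fail the same way: the GCM tag check rejects the data and nothing is decrypted.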
Access control & isolation
- Authentication via Google (Firebase Authentication).
- Per-user data isolation enforced by Firestore Security Rules scoped to the authenticated account.
- Least-privilege service credentials; secrets stored in a secured secret manager / environment, never in source control.
Application security
- Input validation with strict schemas (Zod) on all writes.
- SSRF protections on server-side fetches (allow-listed hosts, blocked private ranges, protocol/port restrictions).
- Output encoding and framework auto-escaping to mitigate XSS; security headers on responses.
- Parameterized/typed data access — no string-built queries.
Operational practices
- Minimal logging that excludes content, credentials, and secrets.
- Generic client-facing error messages; detailed diagnostics kept server-side.
- Dependency and vulnerability monitoring.
- Regular encrypted backups with tested restoration.
Your responsibilities
- Use a strong, unique password on your Google account and enable 2-step verification.
- Keep your device and browser up to date.
- Store backup passphrases safely; we cannot recover them.
Reporting a vulnerability
We welcome responsible disclosure. Email support@bookmarklocker.app with details and steps to reproduce. Please do not publicly disclose issues before we have had a reasonable chance to remediate.