Access
Passwords use salted scrypt hashes. Sessions use HttpOnly, Secure and SameSite cookies. Google OAuth uses one-time state and PKCE. Sensitive actions require a verified email.
Gollby ยท Legal information
Security
Technical and organizational safeguards used by Gollby.
Integrations
Channel tokens are encrypted at rest, never displayed again and removed on disconnect. OAuth callbacks validate state, age and account ownership.
Infrastructure
Production runs over HTTPS in DigitalOcean Frankfurt with container isolation, restricted networks, security headers, backups and privacy-conscious logs.
Report an issue
Send impact and reproduction steps to support@gollby.com.ua and avoid public disclosure until we respond.