Security Policy

77th Junction is built for developers who trust us with their work. Security is enforced at every layer: identity, transport, storage, operations, and personnel access.

• TLS 1.2+ for all connections between your browser, our API, and deployment edges.
• Encrypted storage for credentials, session tokens, and sensitive configuration at rest.
• Hashed passwords via industry-standard identity providers—we never store plaintext passwords.

• Role-based access for internal systems; production access requires approval and logging.
• Multi-factor authentication (TOTP) available and encouraged for all accounts.
• API access requires valid bearer tokens; tokens expire and can be revoked on logout.
• Projects are isolated per account—no cross-tenant reads without explicit sharing (when offered).

We monitor authentication failures, anomalous traffic, and deployment abuse. Confirmed incidents trigger containment, customer notification when your data is affected, and post-incident review. Report vulnerabilities to security@77thjunction.app.

Production runs on hardened cloud infrastructure with network segmentation, automated patching, and backup procedures. Secrets are injected via secure environment mechanisms—not committed to repositories.

• Enable 2FA on your account.
• Never commit API keys, .env files, or private keys to projects you deploy.
• Rotate credentials if a machine or token is compromised.
• Review build logs before sharing preview URLs publicly.