Legal
Security Policy
Last updated: June 1, 2026 | 77th Junction
1. Security approach
77th Junction is designed to reduce accidental exposure while keeping deployment workflows understandable. Security is a shared responsibility between the platform, its providers, workspace owners, and each user.
2. Platform controls
- HTTPS is used for the public web app, API endpoints, and supported deployment URLs.
- Authentication is handled through Firebase identity flows and API requests require valid bearer tokens where account access is needed.
- Projects are scoped to an owner workspace. Editors can change shared projects; viewers receive read-only access.
- Direct requests for server data directories are blocked and plan limits constrain uploads, extracted folders, deployments, domains, and retained releases.
- Operational events and errors are logged to support reliability and incident investigation.
3. Protect your account and projects
- Use a strong unique password and protect access to your email and connected sign-in provider.
- Never deploy .env files, private keys, credentials, database dumps, or confidential files.
- Review uploaded folders, build logs, team invitations, and domain settings before making a site public.
- Remove teammates who no longer need access and use viewer roles where write access is unnecessary.
- Keep your own backups of important source code and production data.
4. Vulnerability reporting
If you believe you found a security issue, send a clear report to security@77thjunction.app. Do not access other users' data, disrupt service, or publicly disclose an unresolved issue. We will review responsible reports and coordinate next steps where appropriate.
5. Incident handling
When we confirm an incident, we work to contain it, understand impact, restore safe operation, and notify affected users when required by law or when notice is materially useful for protecting their accounts.