Security at Spinini

Your code, data, and account are protected by encryption, container isolation, and hardened infrastructure — so you can build with confidence.

Encryption everywhere

All traffic to and from Spinini is encrypted in transit with TLS 1.2+. Data at rest — including your project files, database rows, and stored secrets — is encrypted on disk.

Isolated workspaces

Every project runs in its own sandboxed Linux container with dedicated CPU, memory, and process limits. Containers cannot see or reach each other, so your code and runtime are isolated from other users.

Secret management

Environment variables and API keys are stored encrypted and injected into your workspace at runtime — never written to source, never exposed in logs, and never shared across projects.

Hardened infrastructure

Services run behind a reverse proxy with automatic HTTPS. Internal services are not publicly exposed, resource limits contain runaway processes, and idle containers are automatically stopped.

Account protection

Sign in with email + password (hashed with bcrypt) or trusted OAuth providers like Google and GitHub. Email verification is required before an account becomes active.

Trusted payment handling

Payments are processed entirely by Stripe, a PCI-DSS Level 1 provider. Spinini never sees or stores your full card number — we keep only your subscription status and plan tier.

How we operate

Security is built into how we develop, deploy, and run the platform every day.

Least-privilege access

Access to production systems is limited to what each service and person needs to do their job. Internal dashboards and databases are not reachable from the public internet.

Secure development

Dependencies are pinned and reviewed, builds run in isolated environments, and infrastructure changes go through version control. We monitor for vulnerable packages and patch promptly.

Data ownership

Your code and projects belong to you. We use your data only to operate the service, never sell it, and let you delete your account and associated project data at any time.

Responsible disclosure

We welcome reports from security researchers. If you believe you've found a vulnerability, please report it privately and give us a reasonable window to investigate and fix the issue before any public disclosure. Do not access or modify other users' data, and avoid actions that could degrade the service for others.

Report a vulnerability → security@spinini.com

Have a security question? Email security@spinini.com. This page describes our current practices and is updated as the platform evolves.