Security at Spinini
Your code, data, and account are protected by encryption, container isolation, and hardened infrastructure — so you can build with confidence.
Encryption everywhere
All traffic to and from Spinini is encrypted in transit with TLS 1.2+. Data at rest — including your project files, database rows, and stored secrets — is encrypted on disk.
Isolated workspaces
Every project runs in its own sandboxed Linux container with dedicated CPU, memory, and process limits. Containers cannot see or reach each other, so your code and runtime are isolated from other users.
Secret management
Environment variables and API keys are stored encrypted and injected into your workspace at runtime — never written to source, never exposed in logs, and never shared across projects.
Hardened infrastructure
Services run behind a reverse proxy with automatic HTTPS. Internal services are not publicly exposed, resource limits contain runaway processes, and idle containers are automatically stopped.
Account protection
Sign in with email + password (hashed with bcrypt) or trusted OAuth providers like Google and GitHub. Email verification is required before an account becomes active.
Trusted payment handling
Payments are processed entirely by Stripe, a PCI-DSS Level 1 provider. Spinini never sees or stores your full card number — we keep only your subscription status and plan tier.
How we operate
Security is built into how we develop, deploy, and run the platform every day.
Least-privilege access
Access to production systems is limited to what each service and person needs to do their job. Internal dashboards and databases are not reachable from the public internet.
Secure development
Dependencies are pinned and reviewed, builds run in isolated environments, and infrastructure changes go through version control. We monitor for vulnerable packages and patch promptly.
Data ownership
Your code and projects belong to you. We use your data only to operate the service, never sell it, and let you delete your account and associated project data at any time.
Responsible disclosure
We welcome reports from security researchers. If you believe you've found a vulnerability, please report it privately and give us a reasonable window to investigate and fix the issue before any public disclosure. Do not access or modify other users' data, and avoid actions that could degrade the service for others.
Report a vulnerability → security@spinini.com
Have a security question? Email security@spinini.com. This page describes our current practices and is updated as the platform evolves.