Bouncer
Policies

Security

How we protect your data

  • All traffic to and from Bouncer is encrypted in transit with HTTPS.
  • Sign-in is handled by Google OAuth — we never see or store your password.
  • Database access is protected by row-level security, so users can only read the data they are entitled to.
  • Gmail authorization tokens are encrypted at rest and stored in a table that browser clients cannot access at all — only our server can read it.
  • Your check-in QR code contains only an internal account identifier — no name, email, or other personal information.

For details on what data we collect and why, see our Privacy Policy.

Reporting a vulnerability

If you believe you've found a security issue in Bouncer, please email otie.net@gmail.com with a description of the issue and steps to reproduce it. Please give us a reasonable opportunity to investigate and fix the issue before disclosing it publicly, and do not access or modify other users' data while researching. We take every report seriously and will respond as quickly as we can.