Security Center
We are committed to protecting your data with industry-standard safeguards and total transparency.
No Security Incidents
GetSmokeFree has not experienced any data security breaches or incidents requiring user notification as of January 25, 2026.
We continuously monitor our systems for security threats and maintain safeguards to protect your data.
Breach Notification Policy
If a breach occurs that affects your data or rights, we will notify you via:
- Email to your registered address
- In-app notification banner
- Public notice on this page
- Media notice (if required by law)
Security Architecture
Technical Safeguards
State-of-the-art protection for your data at every stage.
- TLS 1.3 Encryption (In Transit)
- AES-256-GCM Encryption (At Rest)
- bcrypt Password Hashing
Infrastructure & Monitoring
Hosted on Google Cloud Platform (ISO 27001) & Supabase (SOC 2 Type 2).
- 24/7 Intrusion Detection
- Automated Vulnerability Scanning
- Role-Based Access Control (RBAC)
Data Protection Impact Assessment (DPIA)
We conduct regular assessments to identify and mitigate risks to your privacy.
View Full DPIA in Privacy PolicyUnderstanding Breaches
What IS a Breach?
- Unauthorized access to our database containing user data.
- Ransomware attack that encrypts or exfiltrates data.
- Accidental exposure of sensitive user records online.
- Malicious insider accessing data without authorization.
What is NOT a Breach?
- Failed login attempts (even if automated/bot attacks).
- Attacks blocked by our firewall or WAF.
- Loss of a device that is fully encrypted.
- Scheduled maintenance downtime.
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly. We commit to investigating within 7 days and fixing critical issues within 30 days.
security@getsmokefree.orgPolicy Highlights
- No legal action against good-faith researchers
- Recognition/Credit given after fix (optional)
- Please do not disclose publicly before fix
Next Scheduled Review: July 25, 2026