🛡️ Security & Privacy

Built with paranoid-grade security

Your photos are your memories. We treat them with enterprise-grade security from day one — because you deserve nothing less.

Our seven security commitments

TLS 1.3 in transit. AES-256 at rest. Envelope encryption for sensitive data. Optional zero-knowledge mode on Pro tier.

We only request photoslibrary.readonly scope. We cannot delete from your Google account. Ever. Period.

Every photo is checksum-verified (SHA-256) before we allow you to delete from Google. We show the match. You confirm the batch.

Your photos never have public URLs. Every view uses a 5-minute, single-use signed link. Leaked links die in minutes.

Every upload scans through Microsoft PhotoDNA. Matches are quarantined and reported to authorities within one hour.

Every action — login, upload, share, delete — is logged with IP and timestamp. You can download your own audit trail.

India's Digital Personal Data Protection Act 2023. Granular consent, data export, right to erasure, grievance officer — all built-in.

In strict compliance with Google API Limited Use policy. Your photos never train any AI model — ours, or anyone else's.

Every security layer assumes the previous one has failed. An attacker must defeat all twelve independently.

1Network edge (Cloudflare WAF + DDoS)

2Application (CSP, CSRF, SSRF blocks)

3Authentication (Argon2id + 2FA + PKCE)

4Authorization (RBAC + UUID IDs)

5Data layer (Postgres RLS + envelope encryption)

6Storage (private buckets + signed URLs)

7Secret management (Doppler + KMS)

8Mobile (cert pinning + biometric)

9CI/CD (signed commits + SBOM)

10Monitoring (Sentry + audit logs)

11Human factors (MDM + phishing training)

12Business continuity (multi-cloud failover)

We welcome security researchers. Contact security@shiftphotos.com for responsible disclosure.