Security

1. Encryption

All traffic to and from Wantd is encrypted in transit using TLS. Customer data at rest is stored in Supabase, which encrypts the underlying database storage.

2. Payment data

Wantd never stores your payment-card details. All card processing is handled by Stripe, a PCI-DSS-compliant payment provider. We only receive a customer reference and subscription status from Stripe.

3. Access controls

Access to production systems is restricted to authorised personnel and protected by strong authentication. We follow the principle of least privilege — people only get access to the systems they need for their role.

4. Responsible disclosure

If you discover a security vulnerability in Wantd, please report it to tomiwa@wantd.tech rather than disclosing it publicly. Helpful reports include:

• A clear description of the issue.
• Steps to reproduce it.
• The potential impact, as you see it.

We aim to acknowledge security reports within 48 hours and will keep you informed as we investigate and fix the issue. We do not currently run a paid bug-bounty programme, but we are grateful for responsible disclosure and will credit reporters where appropriate.

5. Contact

Security questions or reports: tomiwa@wantd.tech.