At BARKULATOR, we take the security and privacy of your data seriously. This page outlines our security measures, compliance standards, and commitment to protecting your information.
Overall Cybersecurity Compliance Score: 98/100
Compliant with GDPR, CCPA, and international data protection standards
Compliance Standards
🇪🇺 GDPR
90%
Full compliance with EU General Data Protection Regulation
🇺🇸 CCPA
100%
California Consumer Privacy Act compliant
Cookie Law
100%
ePrivacy Directive & GDPR-compliant Cookie Consent
Security Measures
Data Encryption
In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS)
At Rest: All data stored in our database is encrypted using AES-256 encryption
Secure Authentication
We use Supabase Auth for secure user authentication with:
- Password hashing with bcrypt
- JWT token-based sessions
- Automatic token refresh
- Secure cookie storage
Content Security Policy (CSP)
Our site implements comprehensive Content Security Policy headers at both HTML and server levels to prevent:
- Cross-Site Scripting (XSS) attacks
- Code injection attacks
- Clickjacking attacks
- Unauthorized third-party scripts
- Mixed content vulnerabilities
Implementation: CSP meta tags in HTML + dedicated _headers file for server-level enforcement with directives for script-src, style-src, img-src, connect-src, frame-ancestors, and more.
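As an added illustration (not the site's actual `_headers` file, whose contents are not reproduced on this page), the following shows what server-level enforcement of the directives named above can look like. It assumes a static host that honors a `_headers` file in the Netlify/Cloudflare Pages convention, a Supabase project whose reference is stood in for by the `<PROJECT_REF>` placeholder, and Google Fonts as the only external stylesheet and font origin; it also carries the X-Frame-Options and HSTS headers listed later under "How We Protect Your Data".

```text
# _headers  (added example, not the project's own file; <PROJECT_REF> is a placeholder)
/*
  # Everything defaults to same-origin; each directive below widens only what the site needs.
  # connect-src must name the Supabase REST and realtime (wss) endpoints or Auth/DB calls are blocked.
  # frame-ancestors 'none' is the CSP equivalent of X-Frame-Options: DENY and only works as a
  # response header, never in a <meta> tag, which is why the header file is required.
  Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; img-src 'self' data:; connect-src 'self' https://<PROJECT_REF>.supabase.co wss://<PROJECT_REF>.supabase.co; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'; upgrade-insecure-requests
  # Legacy clickjacking control for browsers that predate frame-ancestors.
  X-Frame-Options: DENY
  # HSTS preload list requirements: max-age of at least one year, includeSubDomains, preload.
  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  Referrer-Policy: strict-origin-when-cross-origin
```

The `<meta http-equiv="Content-Security-Policy">` tag in HTML can duplicate the fetch directives for defense in depth, but browsers ignore `frame-ancestors`, `report-uri` and `sandbox` when delivered via `<meta>`, so the header file is the enforcement point for clickjacking. A quick check after deployment is `curl -sI https://<site>/ | grep -i -E 'content-security|strict-transport|x-frame'`, which should print all three headers.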
Row Level Security (RLS)
Comprehensive database security with Supabase RLS policies:
- SELECT policies: Users can only view their own data
- INSERT policies: Users can only create their own records
- DELETE policies: Users can only delete their own feeding logs
- Isolation: Complete data separation between users at the database level
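The policies described above, written out as an added example for Supabase (PostgreSQL) rather than the project's actual migration; the `feeding_logs` table name comes from this page, but its columns and the policy names are assumptions:

```sql
-- Added example (not BARKULATOR's own schema). Column names are assumed.
create table if not exists feeding_logs (
  id       bigint generated always as identity primary key,
  -- Owner of the row; defaults to the caller's JWT subject so clients cannot forget it.
  user_id  uuid not null default auth.uid() references auth.users (id) on delete cascade,
  dog_name text not null,
  fed_at   timestamptz not null default now(),
  grams    integer check (grams > 0)
);

-- Until RLS is enabled, the public anon/authenticated roles can read every row through
-- the REST API. Enabling it with no policies denies everything, so each allowed
-- operation below is an explicit grant.
alter table feeding_logs enable row level security;

-- SELECT: users can only view their own data.
create policy "feeding_logs_select_own" on feeding_logs
  for select to authenticated
  using (user_id = auth.uid());

-- INSERT: users can only create their own records.
-- WITH CHECK is what guards writes; a USING clause alone would not stop a client
-- from inserting a row tagged with another user's id.
create policy "feeding_logs_insert_own" on feeding_logs
  for insert to authenticated
  with check (user_id = auth.uid());

-- DELETE: users can only delete their own feeding logs.
create policy "feeding_logs_delete_own" on feeding_logs
  for delete to authenticated
  using (user_id = auth.uid());

-- No UPDATE policy is defined, so updates are denied for all users by default.
-- If editing a log becomes a feature, add a policy with both clauses:
--   create policy "feeding_logs_update_own" on feeding_logs
--     for update to authenticated
--     using (user_id = auth.uid()) with check (user_id = auth.uid());

-- Verification in the SQL editor: impersonate a user by setting the role and JWT
-- claims, then confirm nothing belonging to other users is visible.
--   begin;
--   set local role authenticated;
--   select set_config('request.jwt.claims', '{"sub":"<USER_A_UUID>"}', true);
--   select count(*) from feeding_logs where user_id <> auth.uid();  -- expect 0
--   rollback;
```

Two operational caveats: the `service_role` key bypasses RLS entirely and must only ever be used server-side, never shipped in the browser bundle; and isolation "at the database level" only holds for tables that have RLS enabled, so every new table needs the same `enable row level security` step before it is exposed through the API.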
Regular Security Audits
We conduct regular security assessments including:
- Dependency vulnerability scans
- Code security reviews
- Penetration testing (when applicable)
- Compliance audits
Your Privacy Rights
We respect your data privacy rights under GDPR and CCPA:
| Right | Description | How to Exercise |
| --- | --- | --- |
| Access | View all data we have about you | Account settings → Data Management |
| Rectification | Correct inaccurate data | Edit your profile directly |
| Erasure | Delete your account and data | Account settings → Delete Account |
| Portability | Download your data in JSON format | Account settings → Export Data |
| Object | Object to certain data processing | Email us at barkulator@gmail.com |
Most privacy rights can be exercised directly from your account settings. No need to email us unless you need assistance.
Data Protection
What We Collect
- Account Data: Email address (for authentication only)
- Profile Data: Dog information you choose to save
- Technical Data: Browser type, device type (for optimization)
- Usage Data: Pages visited, features used (anonymized)
What We DON'T Collect
- Your real name (not required)
- Phone numbers
- Physical addresses
- Payment information (service is free)
- Location data beyond country
- Biometric data
How We Protect Your Data
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Control: Row Level Security (RLS) with strict user data isolation
- Secure Infrastructure: Hosted on Supabase with enterprise-grade security
- XSS Protection: Comprehensive Content Security Policy headers
- Clickjacking Prevention: X-Frame-Options and frame-ancestors directives
- HTTPS Enforcement: Strict-Transport-Security headers with HSTS preload
- Audit Logs: All data access is logged and monitored
- Backups: Regular encrypted backups with 30-day retention
Data Breach Response
We have a comprehensive 72-hour GDPR-compliant data breach response plan documented and ready for immediate activation:
- Detection & Assessment (0-1 hours): Automated monitoring and immediate incident team activation
- Containment (1-4 hours): Systems isolated, threat contained, and vulnerabilities sealed
- Investigation (4-24 hours): Full scope analysis, affected data identified, root cause determined
- User Notification (24-72 hours): Affected users notified with clear details and remediation steps
- Authority Reporting (24-72 hours): Supervisory authorities notified per GDPR Article 33 requirements
- Remediation & Prevention: Vulnerabilities patched, security enhanced, lessons learned documented
Documented Procedures: Our complete data breach response plan includes detailed workflows, communication templates, escalation procedures, and post-incident analysis protocols. All team members are trained on breach response protocols.
72-Hour Notification: We comply with GDPR Article 33/34 requirements for breach notification. You will be informed promptly if your data is affected, including: nature of the breach, likely consequences, measures taken, and steps you should take.
Recent Security Improvements (February 2026)
Latest Security Enhancements:
- Content Security Policy: Comprehensive CSP implemented with HTML meta tags and server-level _headers file
- Enhanced RLS Policies: Added DELETE policies for feeding_logs, enabling secure meal log management
- Environment Variables: Supabase credentials properly configured with env variables for development/production
- Data Breach Plan: Comprehensive 72-hour GDPR-compliant response procedures documented
- Contact Information: All support emails updated to barkulator@gmail.com
- HTTPS Enforcement: Production deployment verified with secure HTTPS connections
- Privacy Controls: Cookie Settings, Privacy Policy, Security, and Terms links added to footer
Third-Party Services
We use the following trusted third-party services:
| Service | Purpose | Data Shared | Privacy Policy |
| --- | --- | --- | --- |
| Supabase | Database & Authentication | Email, dog profiles | View Policy |
| Google Fonts | Typography | None (no cookies) | View Policy |
| GitHub Pages | Hosting | IP address (standard web hosting) | View Policy |
All third-party processors:
- Are GDPR compliant
- Have signed Data Processing Agreements (DPAs)
- Use appropriate technical and organizational measures
- Cannot use your data for their own purposes
Cookie Policy
We use minimal cookies to ensure the service functions properly:
Essential Cookies (Always On)
- Authentication tokens: Keep you logged in (sb-access-token, sb-refresh-token)
- Session cookies: Maintain your session state
Optional Cookies (Requires Consent)
- Analytics cookies: Understand how users interact with the site (anonymized)
- Preference cookies: Remember your settings and preferences
Manage Your Preferences: You can change your cookie settings at any time using the Cookie Settings button in the footer.
International Data Transfers
Your data may be transferred to and processed in:
- 🇪🇺 European Union: Primary data center location (Supabase)
- 🇺🇸 United States: Secondary processing and backups
Safeguards in place:
- Standard Contractual Clauses (SCCs) approved by EU Commission
- Adequate level of protection as required by GDPR
- Regular compliance assessments
Security Best Practices for Users
Protect Your Account:
- Use a strong, unique password
- Don't share your login credentials
- Log out on shared devices
- Report suspicious activity immediately
- Keep your email account secure (we send password resets there)
Continuous Improvement
Security is an ongoing process. We continuously:
- Monitor for vulnerabilities and threats
- Update dependencies and security patches
- Improve our security infrastructure
- Stay informed about emerging threats
- Update our policies to reflect best practices
Bug Bounty: If you discover a security vulnerability, please report it responsibly to barkulator@gmail.com. We appreciate the security research community's help in keeping BARKULATOR safe.