Security
We are committed to keeping awsys.co secure for every user. This page describes our security practices and how to responsibly disclose vulnerabilities.
Responsible Disclosure
If you discover a security vulnerability in awsys.co, we ask you to disclose it responsibly. Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.
Contact our Security Team
Send your vulnerability report with full details to:
support@alphawavesystems.comWhat to Include in a Report
- • Description of the vulnerability and its potential impact
- • Steps to reproduce the issue
- • The URL or endpoint affected
- • Any proof-of-concept code or screenshots
- • Your contact information (optional — anonymous reports accepted)
Our Security Practices
Authentication
All authentication is handled by Firebase Authentication. We support Google, GitHub, and email/password sign-in with secure session management.
Data Encryption
All data is encrypted in transit using TLS 1.2+. Data at rest is encrypted by Google Cloud Firestore.
URL Scanning
New links are scanned against Google Safe Browsing to detect phishing, malware, and deceptive content before they can be shared.
Infrastructure
awsys.co runs on Google Cloud (Cloud Run, Firebase Hosting, Cloud Firestore) within Mexico and the United States regions.
Access Control
Production access is restricted to authorized personnel. All administrative actions are logged and audited.
Scope
In-scope for security reports:
- ✓ awsys.co and all subdomains
- ✓ The awsys.co REST API
- ✓ Mobile applications
Out of scope:
- ✗ Denial-of-service attacks
- ✗ Social engineering of staff
- ✗ Physical security