Insights by Omkar

Security

How we protect your data.

Spiritual practice involves vulnerability. Your dreams, questions, and sessions stay yours. Here’s how we keep them safe.

In transit and at rest.

All traffic between your browser and our servers is encrypted via TLS 1.3 (HTTPS). Stored data — including your readings, dreams, custom spells, and account details — is encrypted at rest using industry-standard AES-256 inside our database provider’s managed infrastructure (Supabase / PostgreSQL).

Backups are encrypted with the same standard and retained according to a documented retention policy.

We never see your card.

All payments are processed through Stripe and PayPal. Card numbers, CVV codes, and bank details never touch our servers. We store only the metadata necessary to honor your purchase (anonymized customer ID, transaction reference, amount, status).

Both providers are PCI-DSS Level 1 compliant — the highest standard available for payment processing.

Yours, securely.

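Authentication uses Supabase Auth with bcrypt-hashed passwords and JWT-based sessions. Session tokens are stored in cookies marked HttpOnly and SameSite=Strict, so page scripts cannot read them and browsers do not send them on cross-site requests. This protects against session-token theft through common XSS attacks and against CSRF attacks.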

Two-factor authentication is on the roadmap for Q3 2026. You can request account deletion at any time from /account — it’s a 30-day soft delete with full data purge after.

If you find something, tell us.

Found a security issue? Please report it to support@insightsbyomkar.com before disclosing publicly. We commit to acknowledging your report within 48 hours and working in good faith to resolve the issue.

We don’t currently run a paid bug bounty program, but we credit responsible reporters in our changelog and security acknowledgements.

Security is a practice, not a product. We update this page when our posture changes.