Encryption in transit
Traffic to Webstorio and published sites is served over HTTPS. Sensitive credentials are never stored in plaintext in application logs.
Trust & safety
We build Webstorio so you can ship sites and apps without babysitting infrastructure, while keeping accounts, projects, and customer data appropriately protected.
Report a security issueSecurity is part of how we operate hosting, auth, and the builder — not an afterthought bolted on at publish time.
Traffic to Webstorio and published sites is served over HTTPS. Sensitive credentials are never stored in plaintext in application logs.
Authentication and session handling protect account access. Rate limiting reduces brute-force and abuse across auth and public APIs.
Projects and published sites are logically separated. Customer content is not shared across accounts; authorization is enforced server-side.
We monitor for misuse and anomalous activity, and can suspend accounts that violate our Terms of Service or threaten platform safety.
We rely on reputable cloud hosting, CDN, and edge security providers (including Cloudflare) to help absorb attacks and keep sites available.
Found a vulnerability? Email us. We appreciate good-faith reports and will investigate promptly. See our security.txt for contact details.
When you use Webstorio to collect data from your own visitors, you are the controller and we act as your processor under our DPA. Platform account and analytics data is covered by our Privacy Policy.
Join founders and creators who are launching production-grade websites without the technical headaches.