DataShadow

Security

How we protect your data and maintain the highest security standards

1. Our Security Philosophy

TL;DR: Security isn't optional—it's the base layer. Built by one privacy-obsessed dev.

Security isn't just another feature—it's the base. Built solo during Hack Club's Summer of Making, DataShadow was created with a privacy-first mindset and zero compromise on data protection, even without a big team or budget.

2. K-Anonymity and Partial Data Hashing

TL;DR: We use k-anonymity to protect your privacy. Your complete data never leaves your device.

Our core technology leverages k-anonymity principles to protect your privacy:

How It Works

1. Prefix Extraction: When you enter your email or other personal data, we extract only a partial prefix (e.g., first few characters).
2. Secure Hashing: This prefix is then cryptographically hashed using SHA-256.
3. K-Anonymity Search: We search for this hash prefix in our breach database, returning only k-anonymized results where multiple potential matches exist.
4. Client-Side Verification: Final matching is performed in your browser, so complete data never leaves your device.

This approach ensures that:

  • Your complete personal information is never stored on our servers
  • We maintain plausible deniability about which specific records you're searching for
  • Even in the event of a breach of our systems, attackers cannot reconstruct your original data
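
The four steps above as a runnable sketch. This is an added example, not DataShadow's code: the three-character prefix, the minimum bucket size, the response shape and every function name are assumptions, and the breach records are constructed. It uses Node's `crypto` module so it runs offline.

```javascript
// Added example: names, prefix length and response shape are assumptions.
const { createHash } = require("node:crypto");

const PREFIX_CHARS = 3; // assumed; the page only says "first few characters"
const MIN_K = 2;        // assumed floor for "multiple potential matches"

const sha256Hex = (s) => createHash("sha256").update(s, "utf8").digest("hex");
const normalize = (email) => email.trim().toLowerCase();

// Steps 1-2: hash only the prefix. This is the single value that is sent.
function buildQuery(email) {
  return sha256Hex(normalize(email).slice(0, PREFIX_CHARS));
}

// Constructed records standing in for the server's breach database.
const BREACH_DB = [
  { email: "alice@example.com", breach: "ExampleForum-2021" },
  { email: "alicia@example.org", breach: "ExampleShop-2019" },
  { email: "ali.baba@example.net", breach: "ExampleForum-2021" },
  { email: "bob@example.com", breach: "ExampleShop-2019" },
];

// Step 3 (server, simulated): return the whole bucket as full-value hashes,
// and withhold buckets smaller than MIN_K, where a reply would single out
// one record. The cost is a missed hit for that record.
function serverLookup(prefixHash) {
  const bucket = BREACH_DB.filter((r) => buildQuery(r.email) === prefixHash);
  if (bucket.length < MIN_K) return { k: bucket.length, candidates: [] };
  const candidates = bucket.map((r) => ({
    hash: sha256Hex(normalize(r.email)),
    breach: r.breach,
  }));
  return { k: bucket.length, candidates };
}

// Step 4 (client): the full hash is computed and compared locally only.
function checkEmail(email) {
  const query = buildQuery(email);
  const { k, candidates } = serverLookup(query);
  const fullHash = sha256Hex(normalize(email));
  const breaches = candidates
    .filter((c) => c.hash === fullHash)
    .map((c) => c.breach);
  return { query, k, breaches };
}

console.log(checkEmail("Alice@Example.com"));
```

Because a few characters are cheap to enumerate, hashing the prefix does not hide it; the privacy here comes from how many records share a bucket. In the browser, `crypto.subtle.digest("SHA-256", ...)` is the equivalent of `createHash`.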

3. Infrastructure Security

TL;DR: Encrypted everywhere. No tracking. No enterprise budget.

Encryption

TLS 1.3 is used for all in-transit data, AES-256 for data at rest.

DDoS Protection

Basic protection is enabled via services like Cloudflare.

Regular Audits

Pen-testing and audits are done using open-source tools and community support.

Monitoring

Currently limited, but enhanced open-source monitoring is planned.

4. Authentication & Access Control

TL;DR: Secure passwords, optional 2FA, no-nonsense access policies—even solo.

  • Multi-Factor Authentication: Optional 2FA for all user accounts using TOTP or WebAuthn.
  • Password Security: Passwords are hashed using Argon2id with appropriate memory, iterations, and parallelism.
  • Session Management: Short-lived, rotating session tokens with strict invalidation policies.
  • Principle of Least Privilege: Internal access controls follow strict need-to-know principles—even if it's mostly just me.

5. Open Source Security

TL;DR: Frontend is open source. Backend is closed (for now) due to breach data sensitivity.

Transparency matters. That's why the frontend code is fully open source and available on GitHub. The backend is not public (yet) since it handles sensitive breach data. Still, I'll document how key processes work—privacy deserves clarity.


6. Bug Bounty Program

TL;DR: No budget, no bounty—just gratitude. Still, please report any security bugs.

I don't run a formal bounty program (yet), but I welcome responsible disclosures.

Responsible Disclosure Guidelines

To report a vulnerability, please email eric@nezser.com with details of the issue.

  • Include steps to reproduce the vulnerability
  • Provide proof-of-concept code (if available)
  • Allow reasonable time for patching before public disclosure

7. Compliance & Certifications

TL;DR: Built with GDPR/CCPA principles. No paid certs (yet), just real protections.

We adhere to industry-standard security frameworks and maintain compliance with relevant regulations:

We follow the spirit of GDPR and CCPA:

  • Data minimization and privacy by design
  • Right to deletion and data control
No Formal Certs Yet:

  • SOC 2 / ISO 27001: Currently not certified due to budget (coming soon if feasible)
  • NIST CSF: Key parts of the framework are followed where applicable

If formal certifications become available, they'll be listed here. For questions, contact:

eric@nezser.com
Last Updated: June 22, 2025