Skip to content

Security Policy

Last updated: April 4, 2026

Security First

At Rovee, we take security seriously. As a small team building navigation software for RVers, we understand the importance of keeping your data and our infrastructure secure.

Security Measures

We implement the following security measures:

  • HTTPS Everywhere: All connections use TLS 1.3 encryption
  • EU Data Storage: All data stored in EU (AWS EU-West, GDPR compliant)
  • No Sensitive Data: We don't collect payment info, passwords are hashed
  • Rate Limiting: API endpoints protected against abuse
  • Input Validation: Strict validation on all user inputs
  • Security Headers: CSP, HSTS, X-Frame-Options, and more
  • Regular Updates: Dependencies kept up to date
  • No Third-Party Trackers: Privacy-focused analytics only

Responsible Disclosure

We welcome security researchers and users to report vulnerabilities. If you find a security issue:

  • Email: security@rovee.io
  • Subject: Use "Security Report" as subject line
  • Details: Include clear description and steps to reproduce
  • Impact: Explain potential impact of the vulnerability

What to expect:

  • Initial response within 48 hours
  • Regular updates on remediation progress
  • Credit in security advisories (if desired)
  • No legal action for good-faith reports

Out of Scope

The following are not considered security issues:

  • Self-XSS (attacks that require user to execute code in their own browser)
  • Social engineering attacks
  • Denial of Service (DoS) attacks
  • Issues in third-party services we use
  • Known issues already documented
  • Missing security headers on static assets (they don't contain sensitive data)

Data Breach Response

In the unlikely event of a data breach:

  1. Investigate and contain the breach within 24 hours
  2. Assess impact on user data
  3. Notify affected users within 72 hours
  4. Report to Portuguese Data Protection Authority (CNPD)
  5. Implement fixes and prevent recurrence
  6. Publish post-mortem (sanitized) for transparency

Secure Communication

For sensitive security matters, you can encrypt your email using PGP. Contact us at security@rovee.io for the public key.

Security Checklist for Users

Protect your Rovee account:

  • Use a unique, strong password
  • Don't share your waitlist confirmation emails
  • Verify you're on rovee.app before entering data
  • Report suspicious emails claiming to be from Rovee

Updates to This Policy

This security policy may be updated periodically. Check back for the latest version. Last updated: April 4, 2026