Trust

Security

Last updated 9 June 2026

Institutional users hold us to a high standard. This page describes, factually, how we protect accounts, data, and infrastructure for Stamper One, and how to report a security issue. It describes measures that are actually in place, not aspirations.

01

Authentication

Access to the Stamper One terminal requires an authenticated account. Accounts are provisioned through a managed authentication system, and sessions are protected and time-limited, with automatic sign-out after a period of inactivity. Administrative and internal tools are gated separately behind role-based access, distinct from customer accounts.

02

Encryption

All traffic between your browser and our services is encrypted in transit using TLS. Data at rest is held with managed infrastructure providers that encrypt stored data. Payments are handled by our payment provider, and we do not receive or store full card numbers.

03

Access controls

We apply least-privilege access throughout the system.

  • The terminal data layer is reachable only through an authenticated, same-origin gateway that verifies each session before any data is returned.
  • Customer-facing data endpoints are restricted to an allowlist and require server-side credentials that are never exposed to the browser.
  • Database access is governed by row-level controls, and privileged keys are used only on the server, never on the client.
  • Administrative and operational endpoints are separated from customer endpoints and protected independently.

04

Infrastructure security

We build on established infrastructure providers that maintain their own security programmes, including Vercel for hosting and delivery, Supabase for database and authentication, and Railway for backend services. We minimise the data we collect: our public website analytics do not store visitor IP addresses, and browser user agents are stored only as a one-way hash.

05

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please use the contact form on our website and mark your message as a security report, with enough detail to reproduce the issue. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and do not access, modify, or delete data that is not yours, or degrade the service for others.

We will not pursue or support legal action against researchers who act in good faith, follow this policy, and avoid privacy violations, data destruction, or service disruption.

06

Who we are

Space Sat Lab, Inc., Delaware, United States.