Security

Last updated: June 10, 2026

Your website is your business's front door. Here is how we protect it and the data behind it.

Platform security

  • All traffic to our app, API, and hosted websites is encrypted with TLS (HTTPS).
  • Sign-in is protected by Google OAuth or hashed passwords, with rate limiting and bot protection on authentication endpoints.
  • Published websites are served from Cloudflare's global network, isolated from our application infrastructure.
  • Payments are handled by Stripe, a PCI-DSS Level 1 provider; we never store your card details.
  • Production access is restricted, secrets are kept out of source control, and all requests are validated and rate-limited at the API boundary.

Content safety

Generated websites pass automated checks before publishing, and content moderation screens for abusive or illegal material. Generated pages run without arbitrary third-party scripts, and form endpoints are rate-limited to prevent spam.

Monitoring and reliability

We monitor errors and system health continuously, with automated recovery for failed background jobs and versioned website deployments that let us roll back a site to a previous version when needed.

Reporting a vulnerability

If you believe you've found a security vulnerability in EasyWebsites, please email hello@easywebsites.app with the subject line "Security". Include steps to reproduce, and please give us reasonable time to fix the issue before public disclosure. We do not pursue legal action against good-faith security research that respects user data and service availability.

For how we handle personal data, see our Privacy Policy.