Currently supported versions with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |

At Save My Time, we take security seriously. If you discover a security vulnerability in BeautyTryOn, please follow these steps:
DO NOT create a public GitHub issue for security vulnerabilities.
Instead, please report security issues via email to: security@savemytime.com
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if you have one)
- Your contact information for follow-up

Once we receive your report:
- Acknowledgment: We'll acknowledge receipt within 48 hours
- Assessment: We'll assess the vulnerability within 7 days
- Updates: We'll keep you informed of our progress
- Resolution: We aim to fix critical issues within 30 days
- Credit: With your permission, we'll credit you in the security advisory
When using BeautyTryOn:
- Never share your Supabase service role key
- Use environment variables for all secrets
- Keep dependencies updated regularly
- Enable Row Level Security in Supabase
- Use HTTPS in production
- Validate all user inputs on the backend
- Implement rate limiting for API endpoints
- Camera access requires user permission
- Image uploads are validated for size and type
- Row Level Security enforces data isolation
- Authentication tokens expire after 1 hour
- All API calls require authentication
BeautyTryOn implements several security features:
- ✅ Row Level Security (RLS) on all database tables
- ✅ Supabase Auth with JWT tokens
- ✅ HTTPS-only in production
- ✅ Input validation and sanitization
- ✅ CORS configuration
- ✅ Rate limiting (configurable)
- ✅ Secure credential storage
- ✅ No client-side secrets
We currently do not have a formal bug bounty program, but we greatly appreciate responsible security research. We may offer rewards on a case-by-case basis for significant vulnerabilities.
BeautyTryOn follows:
- OWASP Top 10 security practices
- GDPR data protection guidelines
- Industry-standard authentication protocols
Security updates are released as soon as possible after a vulnerability is confirmed. We recommend that you:
- Watch this repository for updates
- Enable GitHub security advisories
- Subscribe to our security mailing list
For security concerns:
- Email: security@savemytime.com
- PGP Key: [Available upon request]
For general inquiries:
- Email: support@savemytime.com
- Website: https://savemytime.com
Thank you for helping keep BeautyTryOn and Save My Time users safe! 🔒
Last updated: January 2026