
NoData Public Threat Model

This is not a marketing document. It's an engineering document detailing what we protect, what we don't, and why. Last updated: March 2026.

23 threats analyzed: 16 protected, 7 known limitations.
[critical] PROTECTED: Man-in-the-Middle (MITM)

TLS 1.3, HSTS preload and certificate pinning. All client-server traffic is encrypted in transit. Pinning only protects clients that implement it: browsers no longer honour HPKP, so the web client depends on HSTS plus normal CA validation, which is why the preload entry matters.
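A common way this control silently fails is an HSTS header that does not meet the preload-list requirements (a max-age under one year, or a missing includeSubDomains or preload directive). The check below is an added example written for this page, not NoData's code; the header values it runs on are constructed.

```javascript
// Added example (not NoData's code): parse a Strict-Transport-Security header
// and report why it would be rejected by the HSTS preload list.
const ONE_YEAR = 31536000; // preload requires max-age of at least one year

// Parse the header into its three relevant directives. Directive names are
// case-insensitive; max-age may be quoted.
function parseHsts(headerValue) {
  const d = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of headerValue.split(";")) {
    const part = raw.trim();
    if (!part) continue;
    const [name, value] = part.split("=").map((s) => s.trim());
    const key = name.toLowerCase();
    if (key === "max-age") {
      const v = (value || "").replace(/^"|"$/g, "");
      const n = v === "" ? NaN : Number(v);
      d.maxAge = Number.isInteger(n) && n >= 0 ? n : null; // null = missing/invalid
    } else if (key === "includesubdomains") {
      d.includeSubDomains = true;
    } else if (key === "preload") {
      d.preload = true;
    }
  }
  return d;
}

// Returns an empty list when the header is preload-eligible, otherwise the
// reasons it is not.
function hstsPreloadProblems(headerValue) {
  const d = parseHsts(headerValue);
  const problems = [];
  if (d.maxAge === null) problems.push("max-age missing or invalid");
  else if (d.maxAge < ONE_YEAR) problems.push(`max-age ${d.maxAge} below ${ONE_YEAR}`);
  if (!d.includeSubDomains) problems.push("includeSubDomains missing");
  if (!d.preload) problems.push("preload missing");
  return problems;
}

// Constructed header values, the first eligible, the second not.
console.log(hstsPreloadProblems("max-age=63072000; includeSubDomains; preload"));
console.log(hstsPreloadProblems("max-age=300"));
```

Run it against the header actually served on the apex domain, since the preload list checks that domain and not only the app subdomain.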

[critical] PROTECTED: Database breach (Supabase compromise)

All sensitive fields are encrypted at the field level with AES-256-GCM. Even if the database is breached, the content is ciphertext and unreadable without the keys, which are not stored in the database. Because GCM is authenticated, a tampered row fails to decrypt instead of yielding altered plaintext; the nonce must be fresh for every encryption under a given key.

[high] PROTECTED: Secrets in git history

Secrets live only in environment variables. `.env*.local` is in `.gitignore`, gitleaks runs in CI, and @nodatachat/protect encrypts .env files. For the CI scan to cover history rather than only the current tree, the job needs a full clone, not a shallow checkout.

[high] KNOWN LIMITATION: Vercel employee access to env vars

⚠️ Known limitation: Vercel manages environment variables, so we rely on their security model (SOC 2 Type II certified). Critical encryption keys are stored separately in GCP Cloud Run (me-west1), so a Vercel-side exposure does not by itself reveal them.

[medium] PROTECTED: User metadata exposure

Device-token authentication only: no names, emails or other identifying information are collected. IP addresses are stored only as a SHA-256 hash. Caveat: an unkeyed hash of an IPv4 address can be reversed by hashing all 2^32 possible addresses, so this is pseudonymisation rather than protection unless the hash is keyed with a secret (for example HMAC-SHA256 with a pepper kept outside the database).

Methodology

This threat model is based on STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) and OWASP Top 10.

We update this model with every significant architectural change, and after every external pentest. The model is published in Git with full change history.

⚡ This model does not replace a professional pentest. We recommend conducting an external pentest in addition to self-review.