Security Overview
Crosscheck is built with security at every layer. Your data is protected by industry-standard encryption, passwordless authentication, and minimal-exposure design principles.
Security at a Glance
Encryption in Transit
All data is encrypted in transit using HTTPS with TLS. No data is ever sent over unencrypted connections.
Encryption at Rest
All captures are stored securely on our managed infrastructure.
Secure File Access
Files are never publicly accessible. Every file access uses time-limited, secure URLs that expire automatically.
Managed Infrastructure
Crosscheck runs on managed infrastructure with automatic security patches, continuous monitoring, and strict access controls.
Authentication
Crosscheck uses passwordless authentication. Users sign in with a one-time password (OTP) sent to their email or via a magic link. Google OAuth is also supported for single-click sign-in. This eliminates the risks associated with password storage, reuse, and brute-force attacks.
Sessions are managed with secure, short-lived tokens that are verified on every request. The extension shares your authenticated session securely with the web application.
Data Access Controls
Access to captures is controlled at multiple levels:
- Workspace isolation: Captures belong to a workspace and are only accessible to workspace members.
- Project-level organization: Captures are organized by project within a workspace for additional scoping.
- Invite-based sharing: Specific captures can be shared with individual users via email invitation.
- Public links: Public sharing must be explicitly enabled per capture and can be revoked at any time.
Infrastructure
Crosscheck's infrastructure is built on enterprise-grade platforms with continuous monitoring, automatic patching, and strict access controls. All internal communication is encrypted, and sensitive configuration is managed securely and never exposed in source code.