Security

We take security seriously and continually improve our controls.

Passwords are hashed with bcrypt. Session cookies are HttpOnly, Secure (when HTTPS), and SameSite=Strict.

Calendars are private by default. Public feeds are accessible only via unguessable links.

We use prepared statements for all database access and enforce CSRF tokens on forms.

If you find a security issue, email noreply@sharemycalendar.us with details.