Security & Trust
Classifindr is built with security at every layer. Here's how we protect your account and data.
No Marketplace Credentials Required
Classifindr never asks for your Facebook, Gumtree AU, Gumtree UK, Craigslist, Trade Me, Kijiji, or OfferUp login credentials. We monitor public listing data, and you never need to share your marketplace passwords with us. Your marketplace accounts remain entirely separate and untouched.
Account Security
- Passwordless sign-in
  Sign in the way that works best for you, with magic links, one-time email codes, Google or Apple sign-in, or passkeys for biometric authentication. There are no passwords to remember, reuse, or have stolen.
- Secure session management
  Short-lived access tokens with automatic rotation ensure that even a compromised token has minimal exposure time.
Authentication & Access Controls
- Automated abuse prevention
  Requests are monitored and throttled to prevent brute-force attempts and abuse.
- Activity monitoring
  Account activity is monitored and logged for security purposes.
- Automatic session expiry
  Sessions expire automatically after a period of inactivity. Logging out immediately invalidates your current session.
Notification Delivery Trust
- Verified notification destinations
  All notification channels (mobile push, Telegram, Discord, email, Web Push) are validated before activation to ensure alerts reach only destinations you control.
- Reliable, rate-managed delivery
  Notification delivery is managed to prevent overload and ensure consistent, timely arrival of your alerts across all channels.
Data Handling & Privacy
- Tenant isolation
  Your data is always scoped to your account. Every database query and API endpoint enforces tenant isolation so one user can never access another user's data.
- Structured logging with PII redaction
  Application logs use structured formats with automatic redaction of personally identifiable information. No secrets or PII are written to log output.
- No selling of user data
  Classifindr does not sell, trade, or share your personal data with third parties for advertising or marketing purposes.
- Privacy policy
  For full details on how we collect, use, and protect your data, see our privacy policy.
Infrastructure Security
- Host-header validation and hardening
  Requests are validated against expected host headers to prevent host-header injection attacks.
- Content Security Policy (CSP) ready
  The deployment configuration supports Content Security Policy headers to mitigate cross-site scripting and data injection attacks.
- Regular dependency auditing
  Third-party dependencies are regularly audited for known vulnerabilities and updated to patched versions.
- Secure defaults
  All configuration options default to the most secure setting. Security is not opt-in; it is the baseline.
Reporting Security Concerns
If you discover a security vulnerability or have concerns about the security of Classifindr, we want to hear from you. Responsible disclosure helps us keep the platform safe for everyone.
Please report security issues through our contact page. We take all reports seriously and will respond promptly.