Security
Enterprise-grade security for your code and data
At CoderFile.io, security is a core priority. We protect your code, data, and privacy with multiple layers of defense. Every feature is built with data protection in mind, from encryption to access control.
Data Encryption
In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure encryption protocol. This prevents man-in-the-middle attacks and ensures your code cannot be intercepted during transmission.
At Rest
All stored data, including code snippets and user information, is encrypted at rest using AES-256 encryption, meeting military-grade security standards.
Authentication & Access Control
- Password Security: All passwords are hashed using bcrypt with per-user salts, making them virtually impossible to reverse-engineer.
- OAuth Integration: Support for Google sign-in provides secure, password-less authentication.
- Row-Level Security (RLS): Database policies ensure users can only access their own data.
- Session Management: JWT tokens with automatic expiration and refresh mechanisms.
Infrastructure Security
- Cloud Infrastructure: Hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA.
- DDoS Protection: Advanced protection against distributed denial-of-service attacks.
- Automated Backups: Daily encrypted backups with point-in-time recovery.
- Security Monitoring: 24/7 monitoring for suspicious activity and intrusion attempts.
Code Execution Security
Code execution happens in isolated, sandboxed environments:
- Sandboxed Execution: All code runs in isolated containers with limited resources.
- Resource Limits: CPU, memory, and execution time limits prevent abuse.
- Network Isolation: Executed code cannot access internal networks or other users' data.
Compliance & Best Practices
- GDPR Compliant: Full compliance with EU data protection regulations.
- OWASP Top 10: Protection against all OWASP Top 10 vulnerabilities.
- Security Headers: Comprehensive security headers including CSP, HSTS, and X-Frame-Options.
- Regular Audits: Quarterly security audits and penetration testing.
Vulnerability Disclosure Policy
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:
How to Report
- Email security@coderfile.io with details of the vulnerability
- Include steps to reproduce the issue
- Do NOT publicly disclose the vulnerability until we've addressed it
- We'll acknowledge your report within 48 hours
- We'll provide regular updates on remediation progress
Response Timeline:
- Critical vulnerabilities: Fixed within 24-48 hours
- High severity: Fixed within 7 days
- Medium severity: Fixed within 30 days
- Low severity: Fixed in next release cycle
Security Roadmap
Upcoming security enhancements:
- Two-Factor Authentication (2FA) - Q2 2026
- SOC 2 Type II Certification - Q3 2026
- Advanced Audit Logging - Q2 2026
- IP Whitelisting for Enterprise - Q3 2026
For IT Administrators
If your organization needs to whitelist CoderFile.io, here are the details your security team needs:
Domains to Whitelist
- • coderfile.io
- • *.coderfile.io
- • muvrltomjwfoavkhiqgm.supabase.co (backend API)
Machine-Readable Trust Metadata
- trust.json:/trust.json — Structured categorization and security metadata
- security.txt:/.well-known/security.txt — RFC 9116 compliant
- humans.txt:/humans.txt — Team identification
- DNT Policy:/.well-known/dnt-policy.txt — Do Not Track compliance
Site Categorization
- Category: Information Technology / Developer Tools
- Content Rating: Safe
- Similar Sites: codepen.io, jsfiddle.net, replit.com
- Malware/Phishing: None
Need a pre-written email template to request access? Visit our Enterprise Access page.
Frequently Asked Questions
Security Contact
For security inquiries, vulnerability reports, or enterprise security requirements:
- Security Team: security@coderfile.io
- Response Time: Within 48 hours
- PGP Key: Available upon request
- Security.txt:/.well-known/security.txt