Start Free Tier

Security Overview

Updated on March 9, 2026. These policies are adapted from the Basecamp Open-Source Policies / CC BY 4.0

SenseFolks is a product research platform developed by Projckt , India. Your research data matters, and protecting it is something we take personally.

We apply the same care to your data that we'd want applied to ours. Here's exactly how we keep things locked down.

Contents

Authentication and access control

User sessions are managed through session-based authentication backed by Redis.

Passwords are hashed using Argon2, a memory-hard algorithm designed to resist brute-force and GPU-based attacks.

We also support Google OAuth for users who prefer third-party authentication.

Sessions expire after a defined period of inactivity, and session tokens are invalidated on logout. No passwords are stored in plain text, ever.

Data protection

All data is stored in databases following best practices for performance and reliability.

Database backups run daily at regular intervals, and those backups are encrypted.

Files uploaded to the platform are stored via Cloudinary with access controls in place.

Transport security

All data in transit between you and us is encrypted over HTTPS. We enforce TLS for every connection.

Within our private networks, data transfers are encrypted as well.

Cloudflare sits in front of our infrastructure, providing an additional layer of DNS security and DDoS protection.

Application security

We apply multiple layers of protection at the application level:

Infrastructure

SenseFolks runs on Hetzner cloud servers with Cloudflare providing CDN, DNS, and security services. Our software infrastructure is updated regularly with the latest security patches. The network is locked down with firewalls and carefully monitored.

Billing and payment security

We do not store your credit card information.

Payments on SenseFolks are handled by Paddle , a merchant of record that provides payment infrastructure to thousands of software companies worldwide.

Your billing data goes directly to Paddle and never touches our servers.

Monitoring and incident response

We monitor our systems continuously to catch suspicious activity against our domains. We use PostHog for product analytics, which helps us spot unusual patterns early.

To date, we have never had a data breach. If someone does successfully mount an attack, we will immediately notify all affected customers.

We also audit internal data access. If a Projckt employee wrongly accesses customer data, they will face penalties ranging from termination to prosecution.

Law enforcement

Projckt does not disclose your data to law enforcement unless required by valid legal process. We reject requests that do not meet legal requirements.

Unless legally prohibited, we notify affected users when we receive such requests.

Data deletion

All your content will be inaccessible immediately upon subscription cancellation or account deletion.

Within 30 days of cancellation or deletion, all your content will be permanently deleted from all servers and logs.

This information cannot be recovered once it has been permanently deleted. All data will be permanently deleted from backups within 60 days.

Report an incident

Noticed abuse, misuse, an exploit, or experienced an incident with your account? Please email us at [email protected] .

Your input and feedback on our security is always appreciated. Keeping your data safe is an ongoing effort, and we're glad to have you as part of it.

By using SenseFolks, you agree to the Terms of Service , Privacy Policy , and related policies. If you have questions, please Contact Us .