Security
Last updated: 2026-04-19
Data at rest
All LaneParty data is stored in a PostgreSQL database hosted by Supabase. Data at rest is encrypted using AES-256 — the same standard used by financial institutions. Database backups are encrypted using the same mechanism.
Data in transit
All connections to LaneParty use TLS 1.3. Every request between your browser and our servers is encrypted end-to-end. API calls to third-party services (Supabase, Stripe, Anthropic) are also encrypted with TLS.
Access control
Every database table is protected by Row Level Security (RLS). This means you can only read and write data that belongs to you. Even if an application bug occurs, the database layer still enforces access boundaries. Administrative writes use a separate service-role key that is never exposed to the client.
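As an added illustration (not LaneParty's own schema or code), this is roughly what owner-only Row Level Security looks like in Supabase Postgres. The table `public.scores` and its columns are hypothetical; `auth.uid()` and the `authenticated` role are the ones Supabase provides.

```sql
-- Hypothetical table for illustration; the real schema is not shown on this page.
create table public.scores (
  id        bigint generated always as identity primary key,
  user_id   uuid not null default auth.uid() references auth.users (id),
  game_date date not null,
  total     integer not null check (total between 0 and 300)
);

-- Once RLS is enabled, a role without BYPASSRLS sees no rows and can write
-- nothing until a policy explicitly allows it (default deny).
alter table public.scores enable row level security;

-- Signed-in users may read only their own rows.
create policy scores_select_own on public.scores
  for select to authenticated
  using ((select auth.uid()) = user_id);

-- WITH CHECK stops a user from inserting a row owned by someone else.
create policy scores_insert_own on public.scores
  for insert to authenticated
  with check ((select auth.uid()) = user_id);

-- USING limits which rows can be updated; WITH CHECK stops the update
-- from reassigning the row to another user_id.
create policy scores_update_own on public.scores
  for update to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);

create policy scores_delete_own on public.scores
  for delete to authenticated
  using ((select auth.uid()) = user_id);

-- Audit check: any table listed here has RLS switched off and is readable
-- by whatever grants allow, regardless of policies defined elsewhere.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;
```

The Supabase service role bypasses these policies entirely, which is why that key has to stay on the server side.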
No data sale. No ad networks.
LaneParty does not sell your data to anyone. We do not integrate with advertising networks. We do not share your personal information with data brokers. Your bowling scores, profile information, and usage data stay between you and LaneParty.
Authentication
Passwords are hashed using bcrypt via Supabase Auth — we never store or see your plain-text password. We support magic-link sign-in as a passwordless option. Session tokens are stored in secure, HTTP-only cookies.
Vulnerability reporting
If you discover a security vulnerability in LaneParty, please report it responsibly to security@laneparty.com. Include as much detail as you can — steps to reproduce, affected endpoints, and potential impact. We will acknowledge your report within 48 hours and aim to resolve confirmed issues within 7 days.
Responsible disclosure program
We are working on a formal responsible disclosure and bug bounty program. Details coming soon. In the meantime, please email security@laneparty.com for any security concerns.