Your data, protected
Security isn't a feature we bolt on later — it's built into every layer of NeonPod. Here's how we protect what you build.
Encryption at Rest
All sensitive content — time entry descriptions, task titles, issue reports — is encrypted with AES-256-GCM before it reaches the database. Each value gets a unique initialization vector and authentication tag. The database never stores plaintext for sensitive fields.
Encryption in Transit
Every connection to NeonPod is encrypted with TLS/HTTPS, provisioned automatically via Let's Encrypt. API requests, browser sessions, and database connections are all encrypted in transit.
Authentication & Access Control
Sessions are managed through NextAuth with server-side validation. Role-based access control operates at two scopes: pod-level (Owner, Admin, Member) and project-level (Manager, Contributor, Viewer). Every API route enforces team isolation and permission checks.
Infrastructure
NeonPod is hosted on Hetzner in EU-grade data centers. We run our own deployment pipeline — no third-party CI services touch your code or data. No third-party analytics scripts. First-party session cookies only.
Data Ownership
Your data belongs to you. We don't sell it, share it, or use it for advertising. Reports support CSV export so your hours and breakdowns are always portable.
No Tracking
We use first-party, server-side analytics only. No Google Analytics, no third-party scripts, no ad networks, no fingerprinting. Your browsing behavior stays between you and NeonPod.
Our commitment
We're builders who care about the same things you do — knowing our work is safe and our data isn't being exploited. NeonPod will never sell your data, train models on your content, or inject third-party tracking. If we ever change our approach, you'll know first.
Questions about security? We're transparent by default.
Get Started Free