Your data deserves serious protection. Here is how we keep it safe.
Last updated: February 21, 2026
Patchlight is built on a local-first philosophy: your feedback data stays on your device. We believe you should not have to trade privacy for productivity. Our security architecture reflects that commitment at every layer.
Your feedback data is processed and stored entirely on your device. Nothing leaves your machine unless you explicitly choose to sync. You stay in full control of your data at all times.
If you opt in to cloud sync, all data is encrypted end-to-end before it leaves your device. Only you hold the decryption keys. Even we cannot read your synced data.
Passwords are hashed using bcrypt with industry-standard cost factors. We never store plaintext passwords. Session management uses secure, httpOnly JWT tokens with short expiration windows.
All account data stored in our database is encrypted at rest using AES-256 encryption. Our database infrastructure is powered by Neon Postgres with built-in encryption and automated backups.
Patchlight is hosted on Vercel's enterprise-grade infrastructure with automatic DDoS protection, global edge network, and 99.99% uptime SLA. All connections are secured with TLS 1.3.
We are actively pursuing SOC 2 Type II certification to formalize our security controls. Our policies and procedures are designed to meet the Trust Services Criteria for security, availability, and confidentiality.
We conduct regular internal security reviews and engage third-party security firms to perform penetration testing and vulnerability assessments. Findings are triaged and resolved promptly.
We welcome reports from security researchers. If you discover a vulnerability, please report it to us privately. We commit to acknowledging reports within 48 hours and resolving critical issues as quickly as possible.
We take security reports seriously. If you have discovered a vulnerability in Patchlight, please reach out to us privately. We commit to acknowledging your report within 48 hours.
security@patchlight.netFor general security questions or concerns, you can also reach our team at support@patchlight.net.