Security
Last updated July 9, 2026
Here's a plain-language summary of how Sunfire Exchange protects your account and data. If anything here is unclear, email info@sunfireexchange.com.
Encryption
- All traffic between your browser and Sunfire Exchange is encrypted with HTTPS/TLS.
- Your data is encrypted at rest in our database provider (Supabase).
- Passwords are never stored in plain text — they're hashed with industry-standard algorithms, so no one at Sunfire Exchange can see your actual password.
Data isolation
Every table in our database enforces row-level security policies at the database layer — not just in application code. That means even if a bug existed in our app, the database itself refuses a request for anyone else's listings, sales, messages, or financial records. Your data is scoped to your account by default, not by convention.
Payments
Card payments are handled entirely by Stripe, a PCI-DSS Level 1 certified payment processor. Sunfire Exchange never receives, transmits, or stores your full card number — only Stripe does.
AI features
When you use an AI feature (pricing suggestions, description generation, photo analysis, message drafting), the relevant text or photo is sent to Anthropic's Claude API for that single request. It is not used to train models beyond that request, and it is not shared with any other third party.
What we're still building
We believe in being upfront about what's in place today versus on the roadmap:
- Two-factor authentication (2FA) is not yet available but is planned.
- Self-serve account deletion is coming to Settings; until then, email us and we'll delete your account and data.
Responsible disclosure
If you believe you've found a security vulnerability, please email info@sunfireexchange.com with details. We ask that you give us a reasonable time to investigate and fix an issue before disclosing it publicly, and that you avoid accessing or modifying other users' data while testing.
For details on what data we collect and why, see our Privacy Policy. For our terms of use, see our Terms of Service.