Security

Updated: 6 April 2026

1. Infrastructure

TimeSlotApp is hosted on managed cloud infrastructure with encrypted transport (HTTPS) and provider-level network controls.

2. Authentication

User authentication is handled by Clerk. Access to protected areas requires valid sessions and authorization checks at route and API levels.

3. Payments

Payments are processed through Stripe. Card data is handled by Stripe-hosted components and tokenized flows.

4. Secrets Management

Secrets are stored in environment variables and not committed to source control. Key rotation is performed as part of operational security hygiene.

5. Monitoring and Incident Response

Operational logs and provider dashboards are used to monitor API and payment events. Security incidents are investigated and remediated as a priority.

6. Responsible Disclosure

If you discover a vulnerability, please report it to security@timeslot.uk with clear reproduction details. We will acknowledge and investigate promptly.

This page summarizes current practices and does not constitute a contractual security guarantee.

Return to home page.