OurYearBook is built with privacy-first principles. Here is how we protect your data, secure the platform, and maintain a safe environment for your school memories.
Passwords are hashed with bcrypt and require a minimum of 8 characters. Sessions use httpOnly, secure cookies — never localStorage. All authentication is handled through Supabase Auth with email verification on signup.
All state-changing requests (POST, PUT, DELETE) are validated against the Origin header. Cross-origin forged requests are blocked with a 403 response.
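The Origin check described above, as an added example in JavaScript; this is not OurYearBook's own code. It assumes requests are represented as `{ method, headers }` with lower-cased header names and that the site's own origin is the placeholder `https://ouryearbook.app`.

```javascript
// Added example (not OurYearBook's code): reject cross-origin state-changing
// requests by comparing the Origin header to an allowlist, as the page describes.
// Assumptions: requests arrive as { method, headers } with lower-cased header
// names, and the site's own origin is the placeholder https://ouryearbook.app.

const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Parse the Origin value and compare the normalised scheme://host[:port] only.
// "null" (sandboxed iframes, some redirects) and unparseable values fail closed.
function originAllowed(originHeader, allowedOrigins) {
  if (typeof originHeader !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false;
  }
  return allowedOrigins.includes(parsed.origin);
}

// Returns { ok: true } when the request may proceed, otherwise { ok: false, status: 403 }.
function checkOrigin(request, allowedOrigins) {
  const method = String(request.method).toUpperCase();
  if (!STATE_CHANGING.has(method)) return { ok: true }; // safe methods are not CSRF targets
  const origin = request.headers['origin'];
  if (origin === undefined) {
    // Modern browsers send Origin on cross-origin requests and on same-origin
    // POST/PUT/DELETE, so a missing header on a state-changing request is
    // rejected rather than trusted.
    return { ok: false, status: 403, reason: 'missing Origin header' };
  }
  if (!originAllowed(origin, allowedOrigins)) {
    return { ok: false, status: 403, reason: `origin ${origin} not allowed` };
  }
  return { ok: true };
}

// Demonstration on constructed requests.
const ALLOWED_ORIGINS = ['https://ouryearbook.app'];
for (const req of [
  { method: 'POST', headers: { origin: 'https://ouryearbook.app' } },
  { method: 'POST', headers: { origin: 'https://ouryearbook.app.attacker.example' } },
  { method: 'DELETE', headers: {} },
]) {
  console.log(req.method, req.headers.origin, checkOrigin(req, ALLOWED_ORIGINS));
}
```

Comparing `parsed.origin` rather than the raw string means a look-alike host such as `ouryearbook.app.attacker.example` is rejected, and a missing header on a POST fails closed. Deployments that must support clients that strip Origin usually pair this with a `Sec-Fetch-Site` or Referer check rather than loosening the rule.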
API endpoints are protected with per-IP sliding window rate limits to prevent brute-force attacks, spam, and abuse. Signatures, reports, and account deletion are all rate-limited.
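A per-IP sliding window limiter of the kind described above, as an added JavaScript example that is not OurYearBook's code. The limits and window sizes are constructed for the demonstration, and the `rateLimitResponse` helper is a hypothetical adapter to an HTTP-style response.

```javascript
// Added example (not OurYearBook's code): a per-IP sliding window rate limiter.
// Each IP keeps a log of request timestamps inside the window; a request is allowed
// only if fewer than `limit` timestamps remain once expired ones are dropped.
// The numbers used below are constructed for the demonstration.

class SlidingWindowLimiter {
  constructor({ limit, windowMs }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // ip -> ascending array of timestamps (ms)
  }

  // Returns { allowed, remaining, retryAfterMs }. `now` is injectable for tests.
  check(ip, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const log = (this.hits.get(ip) || []).filter((t) => t > cutoff);
    if (log.length >= this.limit) {
      this.hits.set(ip, log);
      // The oldest hit still in the window decides when capacity frees up again.
      return { allowed: false, remaining: 0, retryAfterMs: log[0] + this.windowMs - now };
    }
    log.push(now);
    this.hits.set(ip, log);
    return { allowed: true, remaining: this.limit - log.length, retryAfterMs: 0 };
  }

  // Drop IPs with no hits inside the window so the map does not grow without bound.
  prune(now = Date.now()) {
    const cutoff = now - this.windowMs;
    for (const [ip, log] of this.hits) {
      if (log.length === 0 || log[log.length - 1] <= cutoff) this.hits.delete(ip);
    }
    return this.hits.size;
  }
}

// One limiter per sensitive action, each with its own budget (constructed values).
const limiters = {
  signature: new SlidingWindowLimiter({ limit: 20, windowMs: 60_000 }),
  report: new SlidingWindowLimiter({ limit: 5, windowMs: 60_000 }),
  accountDeletion: new SlidingWindowLimiter({ limit: 2, windowMs: 3_600_000 }),
};

// Hypothetical adapter: turn a verdict into an HTTP-style response object.
function rateLimitResponse(action, ip, now = Date.now()) {
  const verdict = limiters[action].check(ip, now);
  if (verdict.allowed) {
    return { status: 200, headers: { 'X-RateLimit-Remaining': String(verdict.remaining) } };
  }
  return {
    status: 429,
    headers: { 'Retry-After': String(Math.ceil(verdict.retryAfterMs / 1000)) },
  };
}

// Demonstration: the sixth report from one address inside a minute is refused.
for (let i = 0; i < 6; i++) console.log('report', i + 1, rateLimitResponse('report', '203.0.113.7', 0));
```

A timestamp log gives exact sliding behaviour at the cost of `limit` entries per IP; for very high limits a fixed-window counter with interpolation is the usual compromise. In a multi-instance deployment the map would live in a shared store so that every instance sees the same counts.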
OWASP-recommended security headers are enforced: X-Frame-Options (DENY), X-Content-Type-Options (nosniff), Strict-Transport-Security (HSTS), Referrer-Policy, and Permissions-Policy.
Photo uploads are validated for MIME type (JPEG, PNG, WebP, GIF only), file size (5MB max), and file extension. Upload paths include random tokens to prevent enumeration.
Supabase Row Level Security (RLS) policies enforce that users can only access data they are authorised to see. Every database table has explicit RLS policies — no data is publicly accessible.
Account creation requires explicit, affirmative consent via a checkbox. Users must agree to data processing before they can sign up. Consent can be withdrawn at any time by deleting the account.
Users can permanently delete their account and all associated data from Account Settings. Deletion cascades across all tables — yearbook profiles, signatures, votes, alumni updates, memberships, blocks, and reports. Deletion results are logged for verification.
Users can export all their personal data in machine-readable JSON format via the "Export My Data" button in Account Settings. The export includes: profile information, yearbook pages, signatures (authored and received), alumni updates, votes, memberships, and memory prompts.
Users can hide their yearbook pages from alumni view via a toggle in Account Settings. When enabled, profiles are not visible to other alumni browsing the yearbook after graduation or end of the school year.
All pages carry noindex/nofollow meta directives. OurYearBook content is never indexed by search engines. Your yearbook pages are only visible to authenticated classmates.
We use only essential session cookies to keep you signed in. No tracking, analytics, or advertising cookies are used. A cookie consent banner informs users on first visit.
All data is stored in Supabase-managed PostgreSQL databases. Data at rest is encrypted. All connections use TLS encryption in transit. Supabase infrastructure operates within SOC 2 Type II certified data centres.
Active users' data is never deleted. If an account is inactive for 6 months, a 7-year retention clock begins. Users receive bi-weekly email reminders in the 6 months before scheduled deletion. Data is then soft-deleted with a 30-day recovery window before permanent removal. Deletion is per-user — one person's inactivity never affects their classmates' data. Users may request immediate deletion at any time via Account Settings.
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via Supabase/AWS). Passwords are hashed using bcrypt — never stored in plain text. Session tokens are stored in httpOnly, secure cookies.
A built-in profanity filter screens signatures and messages for inappropriate language, including common evasion patterns (leetspeak). Users can report content, and class admins can review, dismiss, or action reports through a dedicated admin reports page.
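A screen that undoes common leetspeak substitutions before matching, as an added JavaScript example that is not OurYearBook's filter. The blocklist is a constructed placeholder of harmless words, and the substitution table covers only the usual digit and symbol swaps.

```javascript
// Added example (not OurYearBook's code): a signature/message screen that
// normalises common leetspeak substitutions before matching, so "b4dw0rd" or
// "b.a.d.w.0.r.d" is caught as "badword". The blocklist here is a constructed
// placeholder; a deployment supplies its own word list.

const LEET_MAP = {
  '0': 'o', '1': 'i', '3': 'e', '4': 'a', '5': 's', '7': 't',
  '@': 'a', '$': 's', '!': 'i', '|': 'l', '+': 't',
};
// Punctuation at the edges of a token is ordinary punctuation, not a substitution.
const EDGE_PUNCT = /^[.,!?;:'"()\-]+|[.,!?;:'"()\-]+$/g;

// Lower-case, trim edge punctuation, undo leet substitutions, drop anything that
// is not a letter (dots or underscores used to split a word), collapse repeats ("baaad").
function normalizeToken(token) {
  const trimmed = token.toLowerCase().replace(EDGE_PUNCT, '');
  const unleeted = Array.from(trimmed, (c) => LEET_MAP[c] ?? c).join('');
  return unleeted.replace(/[^a-z]/g, '').replace(/(.)\1+/g, '$1');
}

// Normalise the blocklist the same way so comparisons are like-for-like.
function buildFilter(blockedWords) {
  const blocked = new Set(blockedWords.map(normalizeToken).filter((w) => w.length > 0));
  return function screen(text) {
    const matches = [];
    for (const rawToken of text.split(/\s+/)) {
      const token = normalizeToken(rawToken);
      // Whole-token match only: substring matching flags innocent words that happen
      // to contain a blocked one, so that trade-off is made explicit here.
      if (blocked.has(token) && !matches.includes(token)) matches.push(token);
    }
    return { flagged: matches.length > 0, matches };
  };
}

const PLACEHOLDER_BLOCKLIST = ['badword', 'meanie']; // constructed, not a real list
const screenSignature = buildFilter(PLACEHOLDER_BLOCKLIST);

console.log(screenSignature('Have a great summer, you b4dw0rd!'));
console.log(screenSignature('Best class ever'));
```

Normalising both the input and the blocklist with the same function keeps the comparison consistent; a word spaced out letter by letter is not caught by this token-level approach, which is one reason the page pairs the filter with user reports and admin review rather than relying on it alone.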
Users can block other members to prevent them from signing their page or interacting with them. Block status is checked before any signature creation.
OurYearBook requires users to be at least 16 years old. Age is verified at signup via date of birth. We do not knowingly collect personal data from children under 16.
Class admins can lock a yearbook after graduation or end of the school year, permanently preserving all profiles and signatures. Once locked, no content can be edited, added, or deleted — creating an authentic archive of your memories.
We do not sell, share, or transfer user data to third parties for marketing, advertising, or any other commercial purpose. Your yearbook data belongs to you.
Our Privacy Notice is comprehensive and accessible. Users have clear visibility into what data is collected, how it is used, how long it is retained, and how to exercise their rights. This Trust & Safety page and our audit report provide full transparency into our security posture.
For questions about security, privacy, or account safety, contact us at support@ouryearbook.app.
Last updated: 19 April 2026