Security Policy
Last updated: January 2026
Security is foundational to a tool that controls your PC. Here's how we protect your account and data.
Account security
Passwords are hashed with Argon2id. Sessions use short-lived tokens with rotating, reuse-detected refresh tokens in secure, httpOnly cookies.
Infrastructure
All traffic is encrypted in transit (TLS) and data is encrypted at rest. Secrets are stored in a managed secret store, never in code.
Cloud relay
The Pro relay pairs your devices with authenticated, entitlement-checked sessions. Your PC only accepts commands from devices you've paired to your account.
Reporting
Found a vulnerability? Email security@streampad.app. We appreciate responsible disclosure and will respond promptly.
Questions about this policy? Contact us.