Squadrift

Trust, Privacy & Security

Plain-English summary of how Squadrift handles your data and the controls we use to keep it safe. This page is maintained by the Squadrift team and is not an independent certification.

What we store

Account profile (gamertag, avatar, status), the chats, DMs, and voice rooms you take part in, friend relationships, and basic usage analytics. Uploaded attachments live in private storage and are served with short-lived signed URLs.

How it's protected

Data is stored in our managed Postgres backend with row-level security enabled on every user-facing table — you can only read and write your own rows (plus the channels you've joined). Privileged operations run only in server-side functions; the browser never sees the service role key.

Connections to the app use HTTPS. Push notification endpoints are restricted to known browser push services to prevent abuse.

Who can see your messages

Channel messages are visible to members of that channel. Direct messages are visible only to you and the recipient. Squadrift staff do not browse private messages; we only access content when required to investigate an abuse report you or another user has filed.

Your controls

You can block users, leave channels, mute notifications per type, and delete your account from Settings. Deleting your account removes your profile and cascades to data you own.

Reporting a security issue

Found a vulnerability or want to report abuse? Email security@squadrift.com. Please include steps to reproduce and don't access data that isn't yours while testing.