Account security
Accounts are protected by authentication controls, secure session handling, and access restrictions. Use a strong, unique password and keep your login credentials private. Sign out on shared devices.
Email verification
Email verification helps confirm account ownership and reduces unauthorized signups. Certain sensitive actions may require a verified email address.
Google OAuth
When Google sign-in is enabled, authentication is handled through Google's OAuth flow. We receive limited profile information needed to create or link your account — not your Google password.
Password hashing
Passwords are stored using industry-standard one-way hashing — not in plain text. We never ask for your password by email.
Role-based access
Internal features use role-based access controls so users only see data and actions appropriate to their account type. Admin capabilities are restricted to authorized personnel.
Admin access controls
Administrative access to production systems is limited, logged where practical, and used only for support, maintenance, and security operations.
Payment secrets handled by providers
Payment card data and sensitive billing credentials are processed by third-party payment providers. Freelance OS does not store full card numbers on our servers.
AI provider keys protected
API keys for AI providers are stored server-side and are not exposed to client browsers. AI requests are routed through our backend infrastructure.
Infrastructure security
We apply practical infrastructure protections including:
- HTTPS for data in transit
- Environment-based secrets management
- Regular dependency updates where feasible
- Monitoring and error logging for incident response
We do not claim SOC 2, ISO 27001, or similar certifications unless explicitly published elsewhere with verification.
Reporting vulnerabilities
If you discover a security issue, please report it responsibly to security@getfreelanceos.com. Include steps to reproduce and avoid public disclosure until we have had a reasonable time to investigate. We appreciate good-faith reports.
Related policies
For data handling details, see our Privacy Policy, Subprocessors, and Trust Center.