Security
Hard Deck Aero uses authenticated access controls, scoped sharing, and server-side validation to protect workspace data.
1. Authentication is required for member workspaces and action-level write operations.
2. Firestore and Storage rules enforce owner/member access boundaries.
3. Stripe webhook signatures are verified and events are deduplicated before processing.
4. Shared room snapshots are read-only and time-bound by token expiration.
5. Security issues can be reported to security@harddeckaero.com.