Hosting and service providers
BlipLogger is hosted on Vercel, uses Neon for database infrastructure, relies on Stripe for payment processing, and uses NextAuth as part of the authentication layer.
Security
Security
BlipLogger uses a server-authoritative application model and a small set of managed infrastructure providers to operate the service. Protected actions stay enforced on the server rather than delegated to client-side presentation.
Authentication and session handling
Authentication decisions and protected actions are handled on the server. Account access is tied to the configured sign-in methods for each user, and session-related controls are enforced by the application rather than delegated to client-side UI state.
Validation and tenant boundaries
BlipLogger validates requests on the server and limits access to project data based on the authenticated account context. Customer data separation depends on server-side authorization and validation checks. Content security policies may be layered where appropriate, but they are not treated as the primary XSS defense boundary. Public surfaces and deeper communication review layers do not replace these server-side trust boundaries.
Vulnerability reporting
If you believe you have found a security issue, email support@bliplogger.com. Please include reproduction details, affected routes or features, and any relevant account or project context. Business address available upon request.