Last updated: 13 May 2026
All user authentication is handled by Clerk, an enterprise-grade authentication provider. Passwords are never stored by VYRA — Clerk manages credentials using industry-standard encryption and hashing. Sessions use short-lived JWT tokens and are invalidated on sign-out.
All data between your browser and VYRA's servers is encrypted in transit using HTTPS/TLS. We do not support unencrypted HTTP connections.
User data is stored in a PostgreSQL database with access controls restricting connections to authorised application servers only. Database credentials are stored as environment variables and are never exposed in the application code.
VYRA does not store any payment card information. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security certification. We only store a Stripe customer ID and subscription status in our database.
Media uploaded by users (haul photos and videos) is validated for file type and size before storage. Uploaded files are served from a dedicated directory and are not executable.
If you discover a security vulnerability on VYRA, please report it responsibly through the platform's messaging system. We take all security reports seriously and will respond promptly.