Security

Life is a Pitch runs on Render with managed Postgres, Cloudflare R2 for blob storage, Clerk for auth, and Stripe for payments. All connections use TLS. Authentication tokens are short-lived. Service-to-service calls use scoped API keys.

Reporting a vulnerability

Please email security@lifeisapitch.org with a description and reproduction steps. We respond within 2 business days.