What security measures does Tycoon use?
All data moving between your browser and Tycoon's servers is encrypted in transit. Content stored on Tycoon's infrastructure is encrypted at rest. Login uses a managed identity provider with secure password handling. Two-factor authentication via authenticator apps is supported.
How is access controlled?
Workspace data is scoped to workspace members. The team cannot access workspaces they aren't part of. Infrastructure access is limited to a small set of engineers and logged.
Sessions expire after a period of inactivity. You can review active sessions and sign out from Settings → Account → Sessions.
How does Tycoon handle infrastructure?
Tycoon runs on managed cloud infrastructure from a major provider. Backups are encrypted and tested. Production systems are isolated from development systems. The team monitors for unusual activity and notifies you of significant events.
How do I report a security issue?
Send details to the security address listed in Settings → Account → Security. Confirmed issues are triaged on priority. Tycoon does not run a public bounty program but takes responsible disclosure seriously.
What should I do on my end?
- Use a unique, strong password (a password manager helps)
- Turn on 2FA in Settings → Account → Security
- Review active sessions periodically
- Be cautious of phishing — Tycoon never asks for passwords by email
For binding policy language, see /privacy.