Security

RyphexGuard security focuses on limiting access, protecting secrets, and reducing unnecessary data visibility.

Access controls

Team members can be invited with specific permissions such as pulling members, viewing settings, updating settings and deleting members.

Secret handling

Bot tokens, OAuth secrets, SMTP passwords and payment keys should be stored only in environment variables. Never send secrets in chat screenshots or public support tickets.

Dashboard privacy

IP address and location fields are not shown in the user dashboard after the privacy cleanup. Server owners should only see member data that is useful for verification/support.

Incident response

If a token or key is exposed, revoke it, create a new one, update environment variables and restart the app.

Security contact

Report issues to ryphexguard@gmail.com.