Security

How DevBar protects your data, credentials, and infrastructure.

Zero-Storage Architecture

DevBar never stores your platform data on our servers. The data flow is simple: your connected platforms send data via their APIs to the DevBar app running on your Mac, which renders it on your screen. Nothing is persisted server-side. When you close DevBar, the data is gone.

Credential Security

All API tokens and credentials are stored exclusively in the macOS Keychain, encrypted by the Secure Enclave. They never leave your device and are never transmitted to DevBar servers. Each token is scoped to the minimum permissions required by the integration.

Authentication

  • SAML 2.0 SSO — Enterprise customers can enforce single sign-on through their identity provider.
  • SCIM provisioning — Automated user provisioning and de-provisioning via your IdP.
  • Touch ID — Biometric unlock for quick, secure access to DevBar.
  • Auto-lock — DevBar locks automatically when your Mac sleeps or the screen locks.

Audit & Compliance

Partitioned audit logging tracks all administrative actions with configurable retention periods. Audit logs can be archived to R2, S3, B2, or GCS for long-term storage and to meet compliance requirements.

Infrastructure

  • HTTPS/TLS — All traffic is encrypted in transit with TLS 1.2+.
  • Security headers — HSTS, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options are enforced on all responses.
  • Rate limiting — API endpoints are rate-limited to prevent abuse.

Compliance Roadmap

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly. See our SECURITY.md for disclosure guidelines, or email us directly at [email protected].