Security & Privacy

Your security and privacy are our top priorities at OrangeCat

Our Security Philosophy

OrangeCat is built on Bitcoin-first principles, which means we prioritize decentralization, self-custody, and transparency. We never hold your funds, and we design our systems to minimize the data we collect while maximizing security.

Bitcoin Security

Your Bitcoin remains under your control. We facilitate payments but never custody funds.

Data Minimization

We collect only the minimum data necessary to provide our services.

Security Features

Transport Encryption

All data transmission is encrypted using industry-standard TLS 1.3 protocols. E2E messaging encryption is planned.

Self-Custody Bitcoin

We never hold your Bitcoin. You maintain full control over your private keys and funds.

Row Level Security

Database-level authorization ensures users can only access their own data.

Managed Infrastructure

Hosted on managed cloud platforms (Vercel for the app, Supabase for the database) that handle patching and uptime.

Open Source

The codebase is public on GitHub, so anyone can read, audit, or report issues.

Platform Monitoring

Uptime and error monitoring are provided by the underlying platforms. We do not currently run a dedicated security operations center.

Authentication & Authorization

Multi-factor authentication support
Password hashing handled by Supabase Auth (bcrypt-based)
Session management with automatic expiration
OAuth 2.0 social login (GitHub)

Data Protection

Personal data encryption at rest (provided by Supabase)
Data minimization — we collect only what the product needs
Public bug-bounty channel via security@orangecat.ch

Bitcoin Security

No custody of user funds — payments flow directly to your wallet
Lightning Network support via LNURL
Transaction transparency on the Bitcoin blockchain

Security Concerns?

If you have security concerns or believe you've discovered a vulnerability, please contact us immediately.

Page last reviewed: 2026-06-09.

Security & Privacy

Your security and privacy are our top priorities at OrangeCat

Our Security Philosophy

Bitcoin Security

Your Bitcoin remains under your control. We facilitate payments but never custody funds.

Data Minimization

We collect only the minimum data necessary to provide our services.

Security Features

Transport Encryption

All data transmission is encrypted using industry-standard TLS 1.3 protocols. E2E messaging encryption is planned.

Self-Custody Bitcoin

We never hold your Bitcoin. You maintain full control over your private keys and funds.

Row Level Security

Database-level authorization ensures users can only access their own data.

Managed Infrastructure

Hosted on managed cloud platforms (Vercel for the app, Supabase for the database) that handle patching and uptime.

Open Source

The codebase is public on GitHub, so anyone can read, audit, or report issues.

Platform Monitoring

Uptime and error monitoring are provided by the underlying platforms. We do not currently run a dedicated security operations center.

Authentication & Authorization

Multi-factor authentication support
Password hashing handled by Supabase Auth (bcrypt-based)
Session management with automatic expiration
OAuth 2.0 social login (GitHub)

Data Protection

Personal data encryption at rest (provided by Supabase)
Data minimization — we collect only what the product needs
Public bug-bounty channel via security@orangecat.ch

Bitcoin Security

No custody of user funds — payments flow directly to your wallet
Lightning Network support via LNURL
Transaction transparency on the Bitcoin blockchain

Security Concerns?

If you have security concerns or believe you've discovered a vulnerability, please contact us immediately.

Page last reviewed: 2026-06-09.