How we protect your account and data
The specific practices behind Cut.bd's security — not marketing language, the actual mechanisms.
Password hashing
Account passwords are hashed with Argon2id, a memory-hard algorithm designed to resist GPU cracking. We never store passwords in plain text, and we can't recover your original password — only reset it.
Two-factor authentication
Enroll a TOTP authenticator app, a passkey (Face ID, Touch ID, Windows Hello, or a hardware key via WebAuthn), or both. Passkeys are phishing-resistant by design — there's no code to intercept.
API key storage
API keys are shown once at creation and stored server-side only as a salted SHA-256 hash. If a key is ever exposed, revoking it takes effect immediately and permanently.
Malicious-link scanning
Destination URLs are checked against Google's Safe Browsing list. Flagged links are surfaced with a warning, and high-traffic links are periodically re-checked in case a destination is compromised after the fact.
Encrypted in transit
All traffic to the dashboard, redirect engine, and public API is served over HTTPS. Session tokens are kept in memory on the client rather than written to persistent browser storage.
Found a security issue?
Report it directly rather than disclosing it publicly — we treat security reports as priority and will respond promptly.
support@cut.bdFor how we collect and use data, see our Privacy Policy.