Family history is sensitive. Here's what we do to protect it.
All traffic between your browser and Geneviva is encrypted with SSL/TLS. HTTPS is enforced — unencrypted connections are not accepted.
Our hosting infrastructure includes network-level DDoS protection and CloudFlare integration for additional security and traffic filtering.
Sign in with Google OAuth 2.0 or email and password. Passwords are hashed and never stored in plain text. Sessions use secure tokens.
Every request is authenticated and authorized server-side. You can only read or write data in trees you own or have been explicitly invited to.
Our hosting environment uses OS-level account isolation (CageFS/CloudLinux) so no other hosted application can access your data.
Our infrastructure runs Imunify360, a proactive security suite that continuously scans for malware and blocks threats before they reach your data.
Trees are not discoverable. There are no public profiles or search indexes. Access requires a direct invite from the tree owner.
Invite links use cryptographically random tokens. Tokens are single-use and expire after acceptance. Revoked invites immediately lose access.
Our infrastructure runs daily offsite backups. If something goes wrong, your family tree data can be restored from the previous day's backup. We retain multiple backup generations.
Geneviva is hosted on enterprise-grade hardware with NVMe storage and a 99.9% uptime SLA. Infrastructure is monitored continuously, 24/7/365. Our hosting provider operates data centers across multiple regions.
Access to production data is restricted to a very small number of people and requires justification. We will never read your family tree content except to diagnose a technical issue you have explicitly asked us to investigate.
We use a minimal set of third-party services: Google (authentication) and our hosting provider (servers, storage, backups). We do not use advertising SDKs or analytics tools that have access to your family tree content.
If you discover a security issue, please report it responsibly before disclosing publicly. We will respond within 48 hours and work with you to resolve it promptly.
Email: hello@genevia.app
We do not currently offer a bug bounty program, but we are grateful for responsible disclosures and will acknowledge your contribution.