Security

ContextOS is built with security as a default, not an afterthought. Authentication runs through NextAuth with support for email/password and OAuth (GitHub, Google). Sensitive operations, including billing webhooks, use atomic claiming to prevent race conditions and duplicate processing.

Payments

Pro subscriptions are billed via OxaPay using USDT. Payment confirmations use forward-only status transitions, meaning a payment's state can only move forward, never be replayed or rolled back by a stale webhook.

Rate limiting

API routes are protected by Redis-backed rate limiting to prevent abuse, with limits tuned per endpoint.

Data

Project data is stored in a managed Postgres database with soft-delete on AI-related routes to prevent accidental data loss. See the privacy policy for details on what's collected.