breat.fr

Security Model

This page describes what Brivacia protects against, how, and what remains your responsibility as a self-hosted admin.

Authentication

Cross-Site Request Forgery (CSRF)

Content Security Policy & headers

Tracking pixel endpoint

The pixel endpoint (api/pixel.php) is the only route reachable by anonymous visitors, so it gets extra scrutiny:

Data minimization & visitor privacy

Logs

Updates

Data storage

What's outside Brivacia's control (your responsibility as a host)

Brivacia protects the application layer, but a few things depend on how you deploy it:

Reporting a security issue

If you find a security issue in Brivacia, please [contact details / process to fill in] rather than opening a public issue, so it can be fixed before being disclosed.

Do you find this project useful? You can support its development using the buttons in the page footer.