Security

This page explains how we protect your data and what you can expect from us.

Hosting & Infrastructure

Our Shared Stories is hosted on Render, a managed cloud platform responsible for the security of the underlying infrastructure — including servers, storage, networking, and the data centre environment.

All connections to Our Shared Stories use modern HTTPS (TLS 1.2+), which encrypts data in transit between your browser and our service. Render also provides encryption at rest for our managed database and stored secrets.

To help keep the service safe and available, Render automatically includes:

  • DDoS protection powered by Cloudflare.
  • Firewall and intrusion detection to block common threats such as SQL injection, XSS, and request forgery.
  • Private networking so communication between internal services does not travel over the public internet.
  • Encrypted storage (minimum AES-128) for databases and secrets.

Render’s platform and processes are independently audited and certified to ISO 27001 and SOC 2 Type 2 standards, and support GDPR compliance. This provides an additional layer of assurance that the infrastructure behind Our Shared Stories meets international security expectations.

Your Account & Identity

Every member of Our Shared Stories uses a handle rather than their real name. This is required for all accounts and helps ensure a level of anonymity from the moment you join. Your handle is the only identity other users will ever see.

While we ask for an email address during registration and for features such as password resets, your email is never shown to other users or to the public. There is no way for someone to contact you through the platform, and no one can look up who you are by email.

Your password is never stored in plain text. It is securely hashed using industry-standard methods so it cannot be read directly, even by us.

Please remember that anything you include in your Our Shared Stories may still identify you, especially if you mention names, locations, or specific details.

Our Shared Stories & Data Protection

You control the visibility of each story you write. Our Shared Stories can be:

  • Private – only you can see them
  • Members only – visible to signed-in members
  • Public – visible to anyone who visits the site

Stories you choose to publish will be stored in our database so that we can show them to you and, depending on your settings, to other readers. We do not sell your stories, or use them for advertising, and we do not share them with third parties for marketing.

In limited cases, authorised administrators may access your members-only or public stories to respond to abuse reports, keep the service safe, or fix technical issues. Access is restricted to people with a clear need to perform these tasks.

Analytics & Cookies

We use Plausible Analytics to understand how people use Our Shared Stories so we can improve the service. Plausible is a privacy-friendly analytics tool that does not use cookies and does not track individual users across sites.

We do not run advertising, we do not build marketing profiles of users, and we do not use third-party trackers such as Facebook Pixel or Google Analytics.

Access Control & Administration

Access to administration features is restricted to a very small number of authorised accounts. Admins can review reported stories, manage user accounts, and respond to safety, security, or abuse issues. All admin actions are logged to help prevent misuse and allow us to investigate any mistakes.

Administrators may suspend or delete user accounts in limited circumstances, such as:

  • At the user’s request — for example, if someone asks for their account to be deleted.
  • Repeated or serious violations — such as posting harmful content, harassment, or other behaviours that undermine the safety of the community.
  • Ongoing misuse of the platform — including actions that compromise security, abuse reporting features, or intentionally disrupt the service.

These measures exist solely to protect the wellbeing of the community and ensure that Our Shared Stories remains a safe and supportive space for everyone.

Your Responsibilities

No online service can be completely risk-free. You can help protect your account by:

  • Choosing a strong, unique password for Our Shared Stories.
  • Keeping your device and browser up to date.
  • Being careful about what personal details you share in your Our Shared Stories.

Questions About Security

If you have questions or concerns about security, or if you believe your account has been accessed without your permission, please contact us using the details on the Privacy or Terms page.