Security and Privacy

This document outlines the security measures implemented in our application to ensure data privacy, secure access, and protection against
unauthorized usage. Below are the key points categorized into Privacy, Access Control, and General Security measures.

Privacy Measures

1. Data Privacy and Confidentiality:

  • We do not store user passwords. User authentication is handled securely through Firebase Authentication.
  • Peer-to-peer chat is text-only. Media files cannot be exchanged, minimizing the risk of inappropriate content sharing.
  • User data is encrypted during transmission (using HTTPS) and at rest (MongoDB Atlas ensures data encryption). At-rest encryption
    is a security measure to ensure that data stored in a database (on disk) remains encrypted and protected from unauthorized access,
    even if the storage medium is compromised.

2. Monitoring of Peer-to-Peer Chat:

  • While media sharing is restricted, chat messages are stored securely in our database for operational purposes. Access to this data is
    limited to authorized personnel following strict guidelines.

3. User Data Access and Protection:

  • Role-based access control ensures that users can only access data relevant to their permissions.
  • JWT (JSON Web Token) authentication with the HS256 algorithm ensures secure communication between users and the server.

Access Control

1. Login Mechanisms:

  • Multiple authentication methods are supported, including:
      • Login with Apple
      • Google Login
      • Email and password
      • Face ID / biometric login using an asymmetric strategy
  • Authentication through Firebase, followed by backend verification using JWT.

2. Agency-Level Access:

  • Agency-level access (e.g., consortium access) is strictly controlled. Agencies only have access to the data and features explicitly
    permitted by the application.

3. Server-Side Security:

  • Role-based access control mechanisms on the server restrict unauthorized operations.
  • Refresh tokens are provided for extended sessions while maintaining secure authentication.
  • API rate limiting is implemented to prevent abuse and denial-of-service (DoS) attacks.

General Security Measures

1. Secure Server Infrastructure:

  • The server is deployed on Google Cloud Compute Engine, benefiting from Google Cloud’s robust security practices.
  • Nginx is used as a reverse proxy to manage incoming traffic efficiently and securely.

2. Database Security:

  • The MongoDB Atlas database uses end-to-end encryption for data at rest and in transit.
  • Secure connections to the database are enforced through SSL/TLS protocols.

3. API and Key Security:

  • Environment variables, including sensitive API keys, are stored securely and are inaccessible from the source code repository.

4. Source Code Management:

  • The source code is hosted on GitHub in a private repository, ensuring restricted access.
  • Regular security audits are conducted on the repository to prevent unauthorized access.

5. Authentication Protocols:

  • JWT is used for secure session management, implementing the HS256 algorithm for token signing.
  • Face ID and biometric authentication are supported for a seamless and secure login experience.

6. Network Security:

  • All communication between the client and the server is secured via HTTPS, ensuring encryption of data in transit.
  • Firewall rules and access controls on Google Cloud protect the server against unauthorized access.

 

By implementing these measures, we ensure the security and privacy of user data and comply with industry best practices for safeguarding
sensitive information.