We do our absolute best to protect your data and our entire infrastructure. Here's how.
Your memories are precious. That's why we built our tools with privacy and security as the foundation, not an afterthought.
Your GPS tracks, waypoints, photos, and voice memos stay on your device. We never receive them.
Cottonwood solve trees are encrypted in your browser before transmission. We can't read them even if we wanted to.
Trail Tales stories can be password-protected. Decryption happens only in your browser - passwords never leave your device.
Obsession Tracker uses SQLCipher with AES-256 encryption for its local database. Even if your device is lost, your data is protected.
Most of our tools work without creating an account. No email harvesting. No passwords to breach.
We protect our servers and APIs using OpenNHP (Network-infrastructure Hiding Protocol) - an open-source Zero Trust security framework that makes our infrastructure invisible to attackers.
OpenNHP is a cryptography-powered security layer that hides network infrastructure from unauthorized users. Unlike traditional firewalls that block access, OpenNHP makes servers completely invisible - attackers can't find what they can't see.
Built on NIST Zero Trust Architecture principles, OpenNHP uses modern cryptography including Elliptic Curve Cryptography (ECC) and the Noise Protocol Framework (the same security foundation used by WhatsApp, Slack, and WireGuard).
Protected services don't respond at all to unauthorized requests - no error messages, no login pages, just silence. Port scanners find nothing.
Access to protected resources requires Discord authentication. One-time tokens ensure links can't be shared or reused.
Access is tied to your Discord identity, not just an IP address. We know who's accessing our services and can revoke access instantly.
All resources are hidden by default. Only authenticated, authorized users gain access. Everything else is denied silently.
OpenNHP is open-source under the Apache 2.0 license. Security through transparency, not obscurity. The code is publicly auditable by the security community.
View OpenNHP on GitHubAll connections to our services use TLS 1.3 encryption. Your data is encrypted in transit.
DDoS protection, WAF, and edge caching through Cloudflare's global network.
Strict CSP, X-Frame-Options, and other security headers protect against common web attacks.
No analytics, no cookies, no fingerprinting. We respect your privacy at every level.
Found a security vulnerability? We take security seriously and appreciate responsible disclosure. Please report security issues to:
security@obsession.communityJoin our Discord community to ask questions or discuss our security practices.
Join Discord