Lets talk BigStash.app Security

Trust is everything when you're cataloging something as personal as your jewelry, watches, or family heirlooms. So we've published a new page that explains exactly how BigStash protects your data — no jargon, no fine print.

Read it here: bigstash.app/security

Our Security

We break our security down into three short sections:

  • Bank-level security, by design — encryption in transit and at rest, bcrypt-hashed passwords, PCI-DSS Level 1 payments via Stripe, hardened AWS storage, strict authorization, and a 30-day recovery window on deletes.

  • Our engineering practices — defense in depth, least-privilege access, verified webhooks, regular dependency updates, and a "fail closed, not open" approach to errors.

  • What you control — strong passwords or Google/Apple sign-in, private-by-default collections, and real account deletion on your terms.

Why we built it

People keep asking us, very reasonably, "Is my collection actually safe in here?" The honest answer is yes — and we wanted a single page that shows the why instead of just asking you to take our word for it. If you've ever wondered what happens to your photos, your password, or your card details when you use BigStash, the new page walks through it.

Found something? Tell us.

If you ever spot something that looks off, please reach out through our support page. We take security reports seriously and respond quickly — and we won't pursue legal action against researchers acting in good faith.

Thanks for trusting us with your collection. We don't take it lightly.