Interpreting Animats' question as concern for the user population, I think it's a valid one.
The new administration in the US is openly hostile, and a lot of damage could be done to peoples' lives if, say, the community was hacked and private email addresses (or other PII) was leaked.
And I also agree with you -- now's the time for those of us who can afford it, to fly our ally flags as loudly and proudly as possible.
OP: Please make sure your secure coding and operational security practices are excellent and meet the challenge here.
I am taking security very seriously. All sensitive rows are protected by RLS, and I have gone even further by adding random noise to all location data. Locations are locked down, but in the unfortunate event of a hack what would be leaked is location within a 5 or so mile range, not exact location.
If it is possible on Supabase I would like to eventually obscure emails and oauth info.
5 mile range is pretty serious, it narrows someones locations down to a single town in the entire world. Just dont store it at all and you're all good.
I'm wondering if it's more or less safe (from doxxers attacking individual users, or the entire service being compromised) to share location with this app vs. Lex. In any case I chose not to share location yet, and don't know if Lex is any safer (they require location).
I got an offer of a "code review" like that once for an authentication system and never heard back; it was open source anyway so anybody could have downloaded it and found my rookie mistakes like
signed_token = content + MD5(secret_key+content)
which doesn't stop anyone from appending to the content (might not have really been exploitable, but any honest review from somebody who knew more than me would have turned it up)
I'm sorry, but considering your rapid pace of development and team size, and the extremely sensitive content and vulnerable user base, I have no faith that security and privacy are well-maintained against malicious users and attackers.
This is no disrespect to the quality of the prototype you have built. This is a real-world pragmatic observation.
If I were in the US, and particularly in one of the seriously intolerant red states, there's no way I'd want and of my details in their database.
I don't think it's catastrophising to consider there may well be very real risks to being openly trans in the US in the near future. Risks of not only blackhat 4chan hackers, but also from government and legal system attacks on sites like this.
There's nothing new about this, sad though it is. People, particularly insecure people, have tried to suppress minorities since the dawn of time, and they're constantly inventing new ways to do it.
Is it really a good idea to paint a bullseye on this group in the US right now?