Your account
Only your data loads after sign-in.
Dashboard requests are scoped to the signed-in athlete so another user cannot read your race history.
Privacy and security
Your performance belongs to you.
SwimSight is designed around account-scoped data, protected APIs, strict validation, rate limits, and private community access.
Protected APIs
Validation, origins, and rate limits.
Public endpoints reject unexpected fields, oversized bodies, cross-origin writes, and excessive traffic.
Data storage
Production secrets stay server-side.
Database keys and private API credentials belong in environment variables, never in public client code.