Jan 29, 2025
Security and privacy are important features of Tapestry. When you use a connector, you may sometimes need to authorize an account using your private information like an email address or a password.
Tapestry protects this information in several ways:
- The app uses login mechanisms like OAuth and JWT where your credentials are not known or stored by us. You log in to the service and Tapestry gets back an access token that it uses when needed.
- Connectors do not have access to these tokens. They are stored securely in your keychain (password manager). Additionally, Tapestry only uses the token when communicating with the site that issued it. For example, if "mysecuresite.com" issued the token, it is only supplied in requests to that domain. A request to "hackersite.com" does not see your token.
- Connectors will automatically be disabled if an access token is revoked. If you turn off access at "mysecuresite.com", Tapestry's connector will no longer work and Tapestry will present you with an error.
- Tapestry connectors run in a JavaScript sandbox. They do not have access to any part of your device and are very secure. The sandbox is the same thing that Safari uses to protect you while surfing the web.
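
One way a host app could enforce the "token only goes to the site that issued it" rule from the list above, as an added example that is not Tapestry's own code. It assumes an exact-hostname, HTTPS-only match; `tokenAllowedFor`, `buildHeaders`, `runSamples` and the sample token are hypothetical names.

```javascript
// Added illustration, not Tapestry's code. All names here are hypothetical.
// Assumption: a token is bound to the exact HTTPS host that issued it.

function tokenAllowedFor(requestUrl, issuerHost) {
  let url;
  try {
    url = new URL(requestUrl);
  } catch {
    return false; // unparseable URL: never attach the token
  }
  if (url.protocol !== "https:") return false;    // never send over cleartext
  if (url.username || url.password) return false; // "issuer@otherhost" style URLs
  // Compare the parsed hostname, never a substring or prefix of the raw URL.
  return url.hostname === issuerHost.toLowerCase();
}

// The host (not the sandboxed connector) builds the final headers.
// Assumption: any Authorization header set by the connector is dropped.
function buildHeaders(requestUrl, issuerHost, token, connectorHeaders = {}) {
  const headers = {};
  for (const [name, value] of Object.entries(connectorHeaders)) {
    if (name.toLowerCase() !== "authorization") headers[name] = value;
  }
  if (tokenAllowedFor(requestUrl, issuerHost)) {
    headers["Authorization"] = `Bearer ${token}`;
  }
  return headers;
}

// Constructed sample requests, reusing the two domains from the text above.
const SAMPLE_TOKEN = "constructed-sample-token";
const SAMPLE_URLS = [
  "https://mysecuresite.com/api/feed",
  "https://MySecureSite.com/api/feed",
  "http://mysecuresite.com/api/feed",
  "https://hackersite.com/collect",
  "https://mysecuresite.com.hackersite.com/api/feed",
  "https://mysecuresite.com@hackersite.com/api/feed",
  "not a url",
];

// Returns [url, tokenAttached] pairs for the constructed samples.
function runSamples() {
  return SAMPLE_URLS.map((u) => [
    u,
    "Authorization" in buildHeaders(u, "mysecuresite.com", SAMPLE_TOKEN),
  ]);
}
```

Only the first two sample URLs receive the token; the cleartext, lookalike-host and userinfo variants are sent without it.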