All user data is encrypted and passed through a secure connection via HTTPS when a user is active on Hylo. We have recently completed an audit of our user authentication code, and we follow best practices for session management, password storage, etc. We don’t yet have multi-factor auth support, but we are about to roll out a few more improvements that will pave the way for that in the future.