Back to Documentation
Security Policy
How we protect your data
Encryption
- All data encrypted in transit using TLS 1.3
- Data encrypted at rest using AES-256
- Passwords hashed using bcrypt
Authentication
- Email verification required before access
- Session timeout after 30 minutes inactivity
- Secure password reset with expiring links
File Security
- Executable files blocked (.exe, .bat, .sh, .php)
- SVG files sanitized to prevent XSS
- Permanent deletion when files removed
Infrastructure Security
- Hosted on Firebase (Google Cloud)
- Regular security audits
- 24/7 monitoring
Vulnerability Reporting
If you discover a security vulnerability, please email darmalianstore@gmail.com. We take all reports seriously and will respond promptly.
Bug Bounty: While we don't currently offer monetary rewards, we publicly acknowledge security researchers who responsibly disclose issues.