Security

All data transmitted between your device and our servers is encrypted using TLS 1.3. This prevents eavesdropping and man-in-the-middle attacks.

Your files are encrypted using AES-256 when stored on our servers. Even database administrators cannot view your content without authentication.

Passwords are hashed using bcrypt with salt rounds. We never store plain-text passwords.

New accounts require email verification before accessing the dashboard. This prevents bot accounts and ensures we can contact you for security issues.

After 30 minutes of inactivity, you're automatically logged out. This protects your account if you forget to log out on shared or public devices.

Password reset links expire after 24 hours and can only be used once. Reset requests are sent to your verified email address.

Admins can deactivate suspicious accounts. Deactivated users cannot log in until the issue is resolved. This protects the community from bad actors.

Executables and scripts are blocked for security: .exe, .bat, .sh, .php, .apk, .iso, .dll, .msi, .jar, .pyc. These could contain malicious code.

SVG files are sanitized to remove potentially malicious JavaScript. This prevents XSS attacks while preserving image appearance.

When you delete a file, it's permanently removed from both Firestore and Cloudinary. No backups, no recovery — not even admins can restore it.

All files are private. No public URLs, no indexing by search engines, no accidental exposure. You control who sees your content.

DarmalianStore is built on Firebase and Google Cloud Platform — industry-leading infrastructure with 24/7 security monitoring and compliance certifications.

We regularly review logs and monitor for suspicious activity. Unusual patterns trigger alerts for manual review.

Automated systems monitor for unauthorized access attempts, unusual traffic patterns, and potential security threats.

Strict Firestore security rules ensure users can only access their own data. Even authenticated users cannot view others' files.