Security
Baseline practices for access and data protection.
Transport and storage
The site should be served over HTTPS. Sensitive flows such as payments use established payment providers.
Access control
Accounts and API access should use strong passwords and role-based permissions where the product supports it.
Reporting incidents
Report suspected security issues promptly using the operator contact published on the site.