Security

Security is part of every account operation.

Identity information, account access, and operational actions are protected with layered application and infrastructure controls.

Strong password hashing and account lockout

HTTP-only, secure, SameSite session cookies

Optional authenticator-based two-factor authentication

Encrypted identity documents in private storage

Server-side role and scope enforcement

Rate limiting and same-origin mutation checks

Audited balance, KYC, IBAN, payment, and session actions

Security headers and production-safe error handling

Responsible disclosure

Report suspected vulnerabilities through the contact channel. Do not access or alter data that does not belong to you.