Data in transit
All customer-facing endpoints are served over TLS 1.3 at the Cloudflare edge. HTTP is redirected to HTTPS before requests reach the application.
Data at rest
Production customer and venue data lives in managed Postgres with encryption at rest. Development sandboxes are isolated and are not part of the production serving path.
Authentication
- Passwords hashed with bcrypt (cost factor 10).
- Sessions use signed JWTs delivered in secure, HttpOnly cookies with a 7-day expiry and environment-scoped secrets.
- Google OAuth, password reset, and email verification routes use signed state or hashed one-time tokens.
- CORS restricted to an environment-scoped allowlist in production.
- Per-IP rate limits cover auth, public capture, public scan, newsletter, lead, and key owner/admin mutation endpoints.
Privacy hygiene
Public scan endpoints log a truncated SHA-256 of the client IP with a production salt; raw IPs are never persisted. Admin-as-owner access is audit logged, and customer export/delete actions are tracked for privacy response workflows.
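The IP pseudonymization described above could look like the following. This is an added example, not code from this service: Node.js, the 16-hex-character truncation, the minimum salt length, and every function and field name are assumptions made for illustration.

```javascript
// Added example: turn a client IP into a salted, truncated SHA-256 token
// so that log lines can be correlated without storing the raw address.
const crypto = require("node:crypto");
const net = require("node:net");

const TOKEN_HEX_CHARS = 16; // assumed truncation: 64 bits of the digest
const MIN_SALT_LENGTH = 16; // assumed lower bound for the production salt

// Collapse the spellings handled here (case, surrounding whitespace,
// IPv4-mapped IPv6) so one client maps to one token. Other equivalent
// IPv6 spellings, such as expanded zero groups, are not canonicalized.
function normalizeIp(raw) {
  let ip = String(raw).trim().toLowerCase();
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(ip);
  if (mapped) ip = mapped[1];
  if (net.isIP(ip) === 0) throw new TypeError("not an IP address");
  return ip;
}

// Returns the token that is logged in place of the IP.
function pseudonymizeIp(rawIp, salt) {
  // Fail closed: without a salt the token is a plain hash that can be
  // reversed by hashing the whole IPv4 space.
  if (typeof salt !== "string" || salt.length < MIN_SALT_LENGTH) {
    throw new Error("salt missing or too short");
  }
  return crypto
    .createHash("sha256")
    .update(salt)
    .update("\0") // separator between salt and address
    .update(normalizeIp(rawIp))
    .digest("hex")
    .slice(0, TOKEN_HEX_CHARS);
}

// Builds a log record (hypothetical field names) that carries only the token.
function scanLogLine(rawIp, path, salt) {
  return JSON.stringify({
    event: "public_scan",
    path,
    ip_token: pseudonymizeIp(rawIp, salt),
  });
}
```

The salt is passed in by the caller so that each environment can supply its own value from its secret store.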
Reporting a vulnerability
Please email security@loyaltychips.com. We acknowledge reports within 3 business days.