Security Policy
Last updated July 2026. This is a plain-language summary for this demo build, not formal legal advice.
How we protect the SecureCheck platform itself.
Application security
Passwords are hashed with bcrypt. Sessions are httpOnly and marked secure in production. All forms are protected against CSRF, and logins are rate-limited.
Transport security
All traffic is served over HTTPS with strong TLS and HSTS in production.
Scanning safety
Our scanner refuses to target internal/private network addresses (SSRF protection), and intrusive checks require verified ownership of the target.
Reporting a problem
See our Responsible Disclosure Policy to report a vulnerability.
See also: Privacy · Cookies · Terms · DPA · Security · Disclosure · Refunds · Acceptable use