Security Policy
Last updated: November 1, 2023
This policy covers the security aspects of Illumtori, from data storage to user access.
Data Protection
- Encryption: All user data, both at rest and in transit, are encrypted using industry-standard methods.
- Backup: Data are regularly backed up to secure, geographically-separated locations.
- Retention and destruction: Data no longer required are destroyed securely, inline with best practices.
- We use Amazon Web Services ("AWS") to host our application and user data. You can find more information about their security practices at https://aws.amazon.com/security/.
- We do not store users's payment information and use Stripe for payment processing. You can find more information about their security practices at https://stripe.com/docs/security.
Access Control
- Authentication: Account access are verified through an email/password combination or Google Accounts authentication via OAuth 2.0. User-generated passwords are encrypted via a hashing function and salt prior to storage in our database.
- Access logs: We conduct regular reviews and audits of access logs.
Bugs and Vulnerabilities
Let us know if you identify any bugs or security vulnerabilities in our application. We will do our best to fix those issues as quickly as we can.
Report an issue
Data Privacy
Please see our privacy policy for full details.