Security Policy

Last updated: November 1, 2023

This policy covers the security aspects of Illumtori, from data storage to user access.

Data Protection

• Encryption: All user data, both at rest and in transit, are encrypted using industry-standard methods.
• Backup: Data are regularly backed up to secure, geographically-separated locations.
• Retention and destruction: Data no longer required are destroyed securely, inline with best practices.
• We use Amazon Web Services ("AWS") to host our application and user data. You can find more information about their security practices at https://aws.amazon.com/security/.
• We do not store users's payment information and use Stripe for payment processing. You can find more information about their security practices at https://stripe.com/docs/security.

Access Control

• Authentication: Account access are verified through an email/password combination or Google Accounts authentication via OAuth 2.0. User-generated passwords are encrypted via a hashing function and salt prior to storage in our database.
• Access logs: We conduct regular reviews and audits of access logs.

Bugs and Vulnerabilities

Let us know if you identify any bugs or security vulnerabilities in our application. We will do our best to fix those issues as quickly as we can.

Data Privacy

Please see our privacy policy for full details.