Security

At 4evr.at, we take the security of your data seriously. Our platform is built with multiple layers of protection to ensure your QR codes and information remain secure.

Infrastructure Security

Cloudflare Workers

Our platform runs on Cloudflare's global edge network, providing:

  • DDoS protection at the edge
  • SSL/TLS encryption for all connections
  • Global redundancy and failover
  • Isolated execution environments

Data Protection

  • Encryption at Rest: All data stored in our databases is encrypted
  • Encryption in Transit: All communications use TLS 1.3
  • Password Security: Passwords are hashed using bcrypt with salt
  • Token Security: JWT tokens with short expiration times

Application Security

Bot Protection

Cloudflare Turnstile protects against automated attacks.

Input Validation

All user inputs are sanitized and validated.

CORS Protection

Strict CORS policies prevent unauthorized access.

Rate Limiting

API endpoints are rate-limited to prevent abuse.

Payment Security

We use Stripe for payment processing, which is PCI DSS Level 1 certified. We never store credit card information on our servers. All payment data is handled directly by Stripe's secure infrastructure.

Security Best Practices

To help keep your account secure:

  • Use a strong, unique password
  • Enable two-factor authentication (coming soon)
  • Keep your email account secure
  • Log out when using shared devices
  • Report suspicious activity immediately

Incident Response

In the unlikely event of a security incident, we have procedures in place to:

  • Immediately investigate and contain the issue
  • Assess the impact and affected users
  • Notify affected users within 72 hours
  • Implement measures to prevent recurrence

Report Security Issues

If you discover a security vulnerability, please report it responsibly to:
[email protected]

We appreciate security researchers who help us keep 4evr.at safe. Responsible disclosure helps protect our users while we address any issues.