Skip to main content

Security

Security

We take security seriously. Here's how we protect our platform and how you can help.

Security Measures

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords hashed with bcrypt.

Authentication

Supabase Auth with secure session management. MFA available for brands, publishers, and admins.

Authorization

Row-Level Security (RLS) on every database table. Role-based access control on all API endpoints.

CSRF Protection

All state-changing requests validated against Origin header. Next.js Server Actions provide additional CSRF protection.

Security Headers

HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy on every response.

Input Validation

Zod schemas validate all user input on every Server Action and API route. Parameterized queries prevent SQL injection.

Rate Limiting

Authentication endpoints rate-limited. API request limits enforced per user role.

Audit Logging

Shariah compliance decisions and admin actions logged in an immutable audit trail.

Responsible Disclosure

We welcome security researchers and responsible disclosure. If you discover a vulnerability on AdsByVirtue, please report it to us before making it public.

How to Report

Email us at: [email protected]

What to Include

  • • Description of the vulnerability
  • • Steps to reproduce
  • • Affected URL(s) or component(s)
  • • Potential impact assessment
  • • Your contact information (optional)

Our Commitment

  • • We will acknowledge your report within 48 hours
  • • We will investigate and respond within 7 days
  • • We will not take legal action against researchers who follow responsible disclosure

Security.txt

For automated security scanning, our security.txt is available at /.well-known/security.txt

Contact: mailto:[email protected]

Expires: 2027-01-01T00:00:00.000Z

Preferred-Languages: en

Canonical: https://adsbyvirtue.netlify.app/.well-known/security.txt

Questions about security?

Our team is happy to answer any security-related questions.