Security
We take security seriously. Here's how we protect our platform and how you can help.
All data encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords hashed with bcrypt.
Supabase Auth with secure session management. MFA available for brands, publishers, and admins.
Row-Level Security (RLS) on every database table. Role-based access control on all API endpoints.
All state-changing requests validated against Origin header. Next.js Server Actions provide additional CSRF protection.
HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy on every response.
Zod schemas validate all user input on every Server Action and API route. Parameterized queries prevent SQL injection.
Authentication endpoints rate-limited. API request limits enforced per user role.
Shariah compliance decisions and admin actions logged in an immutable audit trail.
We welcome security researchers and responsible disclosure. If you discover a vulnerability on AdsByVirtue, please report it to us before making it public.
Email us at: [email protected]
For automated security scanning, our security.txt is available at /.well-known/security.txt
Contact: mailto:[email protected]
Expires: 2027-01-01T00:00:00.000Z
Preferred-Languages: en
Canonical: https://adsbyvirtue.netlify.app/.well-known/security.txt
Our team is happy to answer any security-related questions.