At 6FB Booking Platform, we take security seriously. Your data and privacy are protected with industry-leading security measures and best practices.
Data Encryption
- In Transit: All data is encrypted using TLS 1.3 during transmission
- At Rest: Sensitive data is encrypted in our databases using AES-256
- Payment Data: Never stored on our servers - handled directly by Stripe (PCI DSS Level 1)
- Password Security: All passwords are hashed using bcrypt with salt
Authentication & Access Control
- JWT Tokens: Secure, time-limited access tokens with refresh capability
- Role-Based Access: Granular permissions system for different user types
- Session Management: Automatic logout and session timeout protection
- Rate Limiting: Protection against brute force and DDoS attacks
Infrastructure Security
- Cloud Security: Hosted on secure, SOC 2 compliant infrastructure
- Database Security: Regular backups, point-in-time recovery, and access controls
- Network Security: Firewalls, VPNs, and network segmentation
- Monitoring: 24/7 security monitoring and intrusion detection
Application Security
- Input Validation: All user inputs are validated and sanitized
- SQL Injection Protection: Parameterized queries and ORM usage
- XSS Protection: Content Security Policy and output encoding
- CSRF Protection: Anti-forgery tokens on all forms
Compliance & Certifications
GDPR Compliance
Full compliance with EU General Data Protection Regulation, including data subject rights and privacy by design principles.
CCPA Compliance
Compliant with California Consumer Privacy Act, providing transparency and control over personal information.
PCI DSS
Payment processing through Stripe ensures PCI DSS Level 1 compliance for all payment card data handling.
SOC 2 Type II
Our infrastructure partners maintain SOC 2 Type II compliance for security, availability, and confidentiality.
Data Privacy
- Data Minimization: We only collect data necessary for service functionality
- Retention Limits: Data is automatically deleted according to retention policies
- Access Controls: Strict internal access controls with audit logging
- Data Portability: Export your data at any time in standard formats
Security Practices
- Regular Audits: Quarterly security assessments and penetration testing
- Vulnerability Management: Automated scanning and prompt patching
- Incident Response: Defined procedures for security incident handling
- Employee Training: Regular security awareness training for all staff
Your Security Responsibilities
Best Practices for Users:
- Use strong, unique passwords for your account
- Keep your login credentials confidential
- Log out when using shared or public computers
- Report any suspicious activity immediately
- Keep your contact information up to date
Reporting Security Issues
If you discover a security vulnerability or have security concerns, please contact us immediately:
- Security Team: [email protected]
- Response Time: Within 24 hours
- Bug Bounty: We have a responsible disclosure program
Security Updates
We continuously monitor security threats and update our systems accordingly. Critical security updates are applied immediately, and users are notified of any changes that affect their accounts or data.