Security Policy
Last updated: 2 July 2026
VroxStore Billing is designed with security as a core requirement. This policy summarizes our practices; Enterprise customers may receive additional documentation under NDA.
Infrastructure
- TLS encryption in transit (HTTPS everywhere)
- Tenant data isolation at the application layer
- Regular OS and dependency patching on production servers
- Encrypted backups and access-controlled admin paths
Application security
- Password hashing (bcrypt/argon2 via framework defaults)
- API authentication via tokens (Sanctum)
- Rate limiting on auth and public endpoints
- Role-based access control on paid plans
Incident response
We investigate reported vulnerabilities and breaches promptly. Notify [email protected] for security issues.
Your responsibilities
Use strong passwords, enable 2FA when available, limit staff permissions, and report suspicious activity.