Security

Last updated: June 15, 2026

Security is built into Depository 360: encrypted connections, hashed passwords, payments handled by Stripe (we never store card numbers), rate limiting, and least-privilege access. This page summarizes our practices and how to report a vulnerability.

Data in transit and at rest

All traffic to Depository 360 is served over HTTPS/TLS, and HTTP Strict Transport Security (HSTS) is enforced. Application data is stored in a managed Postgres database (Neon) hosted on reputable cloud infrastructure with encryption at rest provided by the platform.

Authentication and passwords

Passwords are hashed with bcrypt (work factor 12) and are never stored or logged in plaintext. Sessions are managed securely. We recommend a strong, unique password for your account.

Payments

Card payments are processed by Stripe, a PCI-DSS Level 1 service provider. Depository 360 does not receive or store your full card number, CVC, or expiration — those go directly to Stripe. We receive only a confirmation that a purchase completed.

Abuse prevention

We apply per-client rate limiting to sensitive and resource-intensive endpoints (authentication, payments, and AI analyses) to blunt brute-force and automated abuse, and we log access for audit and anomaly detection. Verified search-engine crawlers are permitted so public pages remain indexable.

Application hardening

  • Security headers, including Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy.
  • Server-side authorization checks on protected routes and gated tools.
  • Input validation and sanitization of user- and third-party-supplied content before rendering.
  • Guards against server-side request forgery (SSRF) on outbound fetches.
  • Monitoring and patching of dependencies for known vulnerabilities.

Access control and data handling

Access to production systems follows least-privilege principles. We practice data minimization — collecting only what is needed — and, as stated in our Privacy Policy, we never use your data to train AI models and never sell or share it with third parties for their own purposes.

Responsible disclosure

If you believe you have found a security vulnerability, please report it privately to admin@infinidatum.com with details and reproduction steps. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate, and do not access or modify data that is not yours, degrade the Service, or pursue testing that harms users. We appreciate good-faith research and will work with you in good faith.

No absolute guarantee

No method of transmission or storage is perfectly secure. While we work to protect your information, we cannot guarantee absolute security. Keep your credentials confidential and notify us promptly of any suspected unauthorized access.