Security
How GenXForm protects your data
Designed with Security Best Practices
GenXForm is built with modern security practices from the ground up. While we have not yet completed third-party compliance certifications (SOC 2, HIPAA, ISO 27001), security is a core design principle.
Password Security
Passwords are hashed using PBKDF2-SHA256 with 600,000 iterations, following OWASP 2023 recommendations. We never store plain-text passwords.
Session Management
Sessions use HttpOnly, Secure, SameSite=Lax cookies. Session tokens are cryptographically random and stored as SHA-256 hashes server-side.
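The following sketch shows the storage rules described under Password Security and Session Management working together. It is an added example, not GenXForm's code; the record format, salt size, token length, cookie name and in-memory session table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

ITERATIONS = 600_000   # PBKDF2-SHA256 work factor stated on this page
SESSIONS = {}          # assumed stand-in for a session table: sha256(token) -> user id

def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$hash' (record format is an assumption)."""
    salt = secrets.token_bytes(16)  # assumed: fresh 16-byte salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        # Bound the count so a tampered record cannot force unbounded work.
        if scheme != "pbkdf2_sha256" or not 1 <= int(iters) <= 10 * ITERATIONS:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:  # malformed record
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(dk, expected)

def _token_key(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def issue_session(user_id: str):
    """Create a session; return (raw token, Set-Cookie header value)."""
    token = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG (assumed size)
    SESSIONS[_token_key(token)] = user_id  # only the digest is persisted
    cookie = SimpleCookie()
    cookie["session"] = token              # cookie name is an assumption
    cookie["session"].update({"httponly": True, "secure": True,
                              "samesite": "Lax", "path": "/"})
    return token, cookie["session"].OutputString()

def lookup_session(token: str):
    """Hash the presented token and look the digest up; None if unknown."""
    return SESSIONS.get(_token_key(token))
```

Because only digests are persisted, a read-only leak of the session table does not yield tokens that can be replayed as cookies.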
Infrastructure
GenXForm runs on Cloudflare's global network, which provides DDoS protection, TLS encryption, and edge-level security. All data in transit is encrypted with TLS 1.3.
Rate Limiting & Abuse Protection
All API endpoints are rate-limited to prevent abuse. Public form submissions are protected against duplicate submissions and spam.
Security Headers
Every response includes security headers: Content Security Policy, Strict Transport Security, X-Frame-Options, X-Content-Type-Options, and more.
Compliance Features Planned
We are working toward formal compliance certifications. If you have specific compliance requirements, please contact us to discuss your needs.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly. Contact us through our support channels.