Security

How GenXForm protects your data

Designed with Security Best Practices

GenXForm is built with modern security practices from the ground up. While we have not yet completed third-party compliance certifications (SOC 2, HIPAA, ISO 27001), security is a core design principle.

Password Security

Passwords are hashed using PBKDF2-SHA256 with 600,000 iterations, following OWASP 2023 recommendations. We never store plain-text passwords.

Session Management

Sessions use HttpOnly, Secure, SameSite=Lax cookies. Session tokens are cryptographically random and stored as SHA-256 hashes server-side.
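
The password and session handling described in the two sections above, as an added example that is not GenXForm's own code. The record format, salt size, token size, cookie name and in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # iteration count stated on this page
SALT_BYTES = 16              # assumption: salt size is not stated on the page
TOKEN_BYTES = 32             # assumption: token size is not stated on the page


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2-sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if algo != "pbkdf2-sha256" or rounds < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(dk, expected)


def issue_session(store: dict, user_id: str) -> str:
    """Create a random token; persist only its SHA-256 digest."""
    token = secrets.token_urlsafe(TOKEN_BYTES)
    store[hashlib.sha256(token.encode()).hexdigest()] = user_id
    return token  # sent to the client in the cookie, never stored server-side


def lookup_session(store: dict, token: str):
    """Hash the presented token and look it up; returns the user id or None."""
    return store.get(hashlib.sha256(token.encode()).hexdigest())


def session_cookie(token: str) -> str:
    """Set-Cookie value with the attributes listed on this page.
    The cookie name and Path are assumptions."""
    return f"session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

Because only the digest is stored, a leaked session table does not yield usable tokens, and storing the iteration count in each record lets the count be raised later without invalidating existing hashes.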

Infrastructure

GenXForm runs on Cloudflare's global network, which provides DDoS protection, TLS encryption, and edge-level security. All data in transit is encrypted with TLS 1.3.

Rate Limiting & Abuse Protection

All API endpoints are rate-limited to prevent abuse. Public form submissions are protected against duplicate submissions and spam.

Security Headers

Every response includes security headers: Content Security Policy, Strict Transport Security, X-Frame-Options, X-Content-Type-Options, and more.

Compliance Features Planned

We are working toward formal compliance certifications. If you have specific compliance requirements, please contact us to discuss your needs.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly. Contact us through our support channels.