Security
How we protect your account, payments, and data
Last updated: June 30, 2026
Encrypted Connections (HTTPS)
All traffic between your browser and Codeison is encrypted using TLS (HTTPS). We enforce HTTPS site-wide and use HSTS to prevent downgrade attacks, so your credentials and payment details are never transmitted in plain text.
Secure Payments via Stripe
We do not store your card number, CVV, or full payment details on our servers. All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. Card data is tokenised by Stripe directly in your browser before being sent to our backend, meaning sensitive card information never touches our systems.
Account & Password Security
Passwords are hashed using bcrypt before storage — we never store plain-text passwords and cannot retrieve yours. We recommend choosing a strong, unique password and enabling a password manager. If you believe your account has been compromised, reset your password immediately via the login page and contact our support team.
OAuth & Social Login
When you sign in with Google, we use the industry-standard OAuth 2.0 protocol. We only request the minimum permissions needed (name and email address) and never store your Google password. You can revoke access at any time from your Google account security settings.
Data Storage & Access Controls
Customer data is stored in a secured database accessible only via internal network. Downloadable files and attachments are stored on Amazon S3 with access controlled via short-lived signed URLs — files cannot be downloaded without a valid, time-limited token. Access to production systems is restricted to authorised team members only.
Session Security
API authentication uses Laravel Sanctum token-based sessions. Tokens are stored securely and can be revoked at any time by logging out. We recommend logging out of shared devices after your session.
Vulnerability Disclosure
If you discover a security vulnerability on our platform, please report it responsibly by emailing support@codeison.com with the subject line "Security Disclosure". We take all reports seriously and aim to respond within 48 hours. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.
Updates to This Page
We may update our security practices over time. Any significant changes will be reflected here. For general data privacy questions, please see our Privacy Policy.
Contact
For security-related questions or to report an issue, please contact us or email support@codeison.com.