We take security seriously and design ClubTrackr with defense-in-depth, least privilege, and secure-by-default principles.
Data Protection
- Transport encryption via HTTPS/TLS for all traffic.
- Passwords stored using strong one-way hashing (PHP password_hash()).
- Principle of least privilege for application and database access.
Application Security
- CSRF protection on state-changing forms.
- Prepared statements for database queries to mitigate SQL injection.
- Strict file upload validation and segregated storage for attachments.
- Session hardening: session cookies set with the HttpOnly and SameSite attributes, and the Secure attribute when served over HTTPS.
Backups & Availability
- Regular database backups with restricted access.
- Operational monitoring and error logging.
Vulnerability Disclosure
Found a vulnerability or a security concern? Please email security@clubtrackr.com. Include a description, steps to reproduce, and any relevant screenshots or proof-of-concepts. We’ll acknowledge your report and keep you updated on progress.
- Do not access or modify data that isn’t yours.
- Avoid actions that could degrade service (e.g., DoS).
- No public disclosure until we’ve had reasonable time to remediate.
Compliance & Third Parties
We use reputable providers for infrastructure and email delivery.
Details available upon request: support@clubtrackr.com.