Security at WarrantyCert
We use practical, layered safeguards designed for a focused warranty-certificate service. This page describes current controls without claiming certifications we do not hold.
Company data isolation
Authenticated records are scoped by company ownership, with automated tests covering cross-company access attempts.
Account and request protection
Passwords are hashed, sessions use protected cookies, authenticated changes require CSRF protection, and sensitive public actions use rate limiting.
Browser and content safeguards
User-entered content is escaped before display, uploaded files are type and size restricted, and responses apply a restrictive Content Security Policy and other security headers.
Operational monitoring
Production errors are monitored through Sentry with default personal-data collection disabled and request details scrubbed before reporting.
Responsible disclosure
If you believe you found a security issue, please include reproduction steps and contact support@warrantycert.com.