Security at WarrantyCert

We use practical, layered safeguards designed for a focused warranty-certificate service. This page describes current controls without claiming certifications we do not hold.

Company data isolation

Authenticated records are scoped by company ownership, with automated tests covering cross-company access attempts.

Account and request protection

Passwords are hashed, sessions use protected cookies, authenticated changes require CSRF protection, and sensitive public actions use rate limiting.

Browser and content safeguards

User-entered content is escaped before display, uploaded files are type and size restricted, and responses apply a restrictive Content Security Policy and other security headers.

Operational monitoring

Production errors are monitored through Sentry with default personal-data collection disabled and request details scrubbed before reporting.

Responsible disclosure

If you believe you found a security issue, please include reproduction steps and contact support@warrantycert.com.