Security Standards

1. Transmission and Encryption

All administrative actions, dashboard telemetry, and user passwords are protected using industry-standard protocols:

• Data in transit is encrypted using TLS 1.3.
• Passwords are hashed using bcrypt before database write.
• API requests to eSIM Access and Stripe utilize secure HTTPS routes with HMAC signatures.

2. Infrastructure Security

Our applications are hosted on Vercel's serverless nodes, providing built-in DDoS protection, automatic isolation, and web application firewalls. Databases are isolated within private VPC environments on AWS/Neon.

3. Administrative Access Controls

Access to order databases, provisioning routes, and keys is restricted using role-based access control. Every action generates an immutable Audit Log record to prevent unauthorized profile creation.