🚧 Site is under development. All transactions are on temporary hold.

Security Notice

Understanding security responsibilities when using Infoglance products.

Our Security Approach

Infoglance builds products following industry-standard security best practices. However, security is a shared responsibilitybetween us and you.

What We Provide

  • Code following OWASP Top 10 security guidelines
  • Input validation and sanitization patterns
  • Secure authentication mechanisms
  • Backend-authoritative architecture
  • Protection against common vulnerabilities (XSS, CSRF, SQL Injection)
  • Secure session management
  • Password hashing with modern algorithms
  • Security-focused architectural decisions
  • Documentation of security patterns used

What We Do NOT Provide

  • ❌ Guarantee of zero vulnerabilities
  • ❌ Security audits or certifications
  • ❌ Penetration testing services
  • ❌ Compliance certifications (ISO 27001, SOC 2, etc.)
  • ❌ Security monitoring or incident response
  • ❌ Vulnerability scanning services
  • ❌ Security configuration for your environment

Your Security Responsibilities

When you deploy our products, YOU are responsible for:

1. Code Review:

  • Review all code before deployment
  • Understand security mechanisms implemented
  • Verify code meets your security requirements

2. Security Testing:

  • Conduct penetration testing
  • Perform vulnerability scanning
  • Test for your specific threat model
  • Validate authentication and authorization flows

3. Configuration:

  • Configure security headers (CSP, HSTS, etc.)
  • Set up SSL/TLS certificates
  • Configure firewall rules
  • Implement rate limiting appropriate for your traffic
  • Set secure environment variables
  • Configure CORS policies

4. Infrastructure Security:

  • Secure your hosting environment
  • Implement network security
  • Set up monitoring and logging
  • Configure backup and disaster recovery
  • Implement intrusion detection

5. Maintenance:

  • Keep all dependencies updated
  • Apply security patches promptly
  • Monitor security advisories
  • Regular security audits
  • Incident response planning

Security Best Practices

Before Production Deployment:

  • ✅ Hire CERT-In empanelled security auditor
  • ✅ Conduct penetration testing
  • ✅ Review all environment variables and secrets
  • ✅ Implement security monitoring
  • ✅ Set up log aggregation
  • ✅ Test authentication and authorization
  • ✅ Verify data encryption (in transit and at rest)
  • ✅ Review API security
  • ✅ Test against OWASP Top 10

After Production Deployment:

  • 🔄 Regular security updates
  • 🔄 Continuous monitoring
  • 🔄 Log analysis
  • 🔄 Vulnerability scanning
  • 🔄 Security awareness training
  • 🔄 Incident response drills

Known Limitations

Our products have these known limitations:

  • Security depends heavily on proper configuration
  • Some security settings are environment-specific
  • Third-party integrations require your security review
  • Custom modifications may introduce vulnerabilities
  • AI-assisted code requires additional review

Reporting Security Issues

If you discover a security vulnerability in our products:

  • Email: admin@infoglance.store
  • Include detailed description and reproduction steps
  • Do NOT publicly disclose until we've addressed it
  • We will acknowledge within 48 hours
  • We aim to address critical issues within 7 days

Security Updates

When we release security updates:

  • Critical updates will be emailed to all customers
  • Update notes will describe the issue and fix
  • You are responsible for applying updates
  • Older versions may not receive security patches

⚠️ Important Disclaimer

No software is 100% secure. While we follow security best practices, we cannot guarantee our products are free from vulnerabilities. Security is ultimately YOUR responsibility when you deploy our products.

We are NOT liable for security breaches, data loss, or damages resulting from security incidents in your deployment.