Security

Last updated: November 10, 2025

1. Data Encryption

We employ encryption to protect sensitive data:

  • Data Encryption: Sensitive data is encrypted with AES-256-GCM in production environments.
  • Environment-Based Security: Encryption is automatically enabled in production environments and disabled in development for easier testing.
  • Encrypted Fields: The following data is encrypted when stored:
    • Project names and descriptions
    • Usernames and email addresses
    • Item titles, descriptions, and related fields
    • Deliverable names and descriptions
    • Stakeholder information
    • Work package names
    • Custom field values
    • Team roles and assignments
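As an added illustration (not the site's own code), the following PHP helper shows what AES-256-GCM field encryption of the kind listed above involves in practice: a fresh 96-bit nonce per value, the authentication tag stored alongside the ciphertext, and the column name bound in as additional authenticated data. The key source (a hex-encoded 32-byte key in a hypothetical FIELD_ENCRYPTION_KEY environment variable) and the sample values are assumptions.

```php
<?php
// Added example, not the application's own code. Assumes a 32-byte key is
// supplied hex-encoded in the (hypothetical) FIELD_ENCRYPTION_KEY variable.

function fieldKey(): string {
    $hex = getenv('FIELD_ENCRYPTION_KEY');
    $key = $hex !== false ? hex2bin($hex) : false;
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('FIELD_ENCRYPTION_KEY must be 32 bytes (64 hex chars)');
    }
    return $key;
}

// $context (e.g. "projects.name") is passed as additional authenticated data,
// so a ciphertext copied from one column into another fails authentication.
function encryptField(string $plaintext, string $context): string {
    $iv  = random_bytes(12);   // 96-bit nonce, fresh for every encryption
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', fieldKey(), OPENSSL_RAW_DATA, $iv, $tag, $context, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);   // layout: iv(12) | tag(16) | ciphertext
}

function decryptField(string $stored, string $context): string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', fieldKey(), OPENSSL_RAW_DATA, $iv, $tag, $context);
    if ($pt === false) {   // wrong key, tampered ciphertext/tag, or wrong context
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed demo: generate a throwaway key, round-trip a project name, then
// show that the same ciphertext is rejected under a different column context.
putenv('FIELD_ENCRYPTION_KEY=' . bin2hex(random_bytes(32)));
$stored = encryptField('Project Apollo', 'projects.name');
echo decryptField($stored, 'projects.name'), PHP_EOL;
try {
    decryptField($stored, 'projects.description');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Because encryption here is switched on by environment, a startup check like fieldKey() that refuses to run production without a valid key is what prevents a misconfigured deployment from silently storing these fields in plaintext.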

2. Authentication & Access Control

We implement robust authentication and access control measures:

  • Password Security:
    • Passwords are hashed using PHP's secure password_hash() function
    • Minimum password length of 8 characters
    • Password confirmation required for changes
    • Current password verification for changes
  • Session Management: Secure session handling with automatic timeout
  • Role-Based Access: Granular permissions system for different user roles (admin, project manager, team member)
  • Application Access Control: Users can only access applications assigned to their plan

3. Data Protection

We protect your data through multiple layers of security:

  • Input Validation: All user inputs are validated and sanitized
  • SQL Injection Prevention: Prepared statements used for all database queries
  • XSS Prevention: Output is properly escaped using htmlspecialchars()
  • Email Security: Email is sent over TLS-encrypted connections

4. User Account Security

We provide tools and features to help users maintain account security:

  • Account Management: Users can update their profile information and password
  • Email Validation: Email addresses are checked for proper format
  • Unique Identifiers: Username and email must be unique across the system
  • Account Status: Active monitoring of account status

5. Security Best Practices for Users

We recommend users follow these security best practices:

  • Use a strong, unique password (minimum 8 characters)
  • Keep your email address up to date
  • Log out when using shared computers
  • Regularly update your password
  • Never share your login credentials
  • Report any suspicious activity immediately

If you have any security concerns or questions, please contact our security team.