Security

Security is foundational to Joobbr. This page summarizes key controls we use and how users can help keep accounts safe.

1. Platform Security Controls

• Authentication and session validation for protected API routes.
• Rate limiting and abuse protections on sensitive endpoints like sign-in and registration.
• Server-side validation and guarded processing for billing and webhook operations.
• Security-focused response headers and request handling controls.

2. Data Protection

• Passwords are stored as one-way hashes, not plain text.
• Access to production infrastructure and secrets is restricted by role and operational controls.
• We monitor service health and investigate suspicious activity patterns.

3. Billing and Credits Security

Payment and top-up workflows are protected with token-validated webhook processing, transaction idempotency checks, and controlled wallet mutation logic.

If a payment-related issue is detected, we prioritize account integrity and transaction traceability.

4. Vulnerability Management

We run dependency audits and security updates as part of release readiness, and we patch known critical issues as quickly as possible.

5. Incident Response

If we identify a material security incident, we triage quickly, contain impact, investigate root cause, and implement remediation. Where required, we notify affected users and relevant authorities.

6. Responsible Disclosure

If you believe you found a vulnerability, contact us at security@joobbr.app with reproduction details. Please avoid destructive testing and allow reasonable time for remediation.

7. User Security Best Practices

• Use a strong, unique password for your Joobbr account.
• Do not share account credentials or API tokens.
• Log out on shared devices and keep your browser/device updated.

Related pages: Privacy and Terms.