RatingRadar

Security

The security controls we actually use today

This page describes verifiable product behavior instead of marketing claims. We only list protections that are currently active in the system.

Current Protection Layers

The sections below are based directly on working mechanisms in the codebase.

Authentication

  • Passwords are hashed with bcrypt
  • JWT-based session authentication is used
  • Password reset links use time-limited, purpose-bound tokens
  • Tab-scoped session isolation is applied

Access Controls

  • Role-based authorization is enforced
  • Admin and customer users have separate permission boundaries
  • Sensitive actions are checked server-side
  • Operation-specific permissions are enforced separately

Application Security

  • Inputs are validated and sanitized
  • Rate limiting is applied on sensitive endpoints
  • Payment and subscription flows are tracked with audit logs
  • API keys and secrets are not hard-coded into the codebase

Payment Security

  • Card payments run through the Iyzico checkout flow
  • Raw card data is not stored inside the application
  • Payment callbacks are handled through a verified server-side flow
  • Gateway responses and payment status are logged

How We Handle Data

This page only lists controls that currently exist in the product. We do not claim certifications or protections that are not currently in place.

Minimum Necessary Data

We process the data required to operate business accounts, user access, review synchronization, and notification flows.

Passwords and Credentials

Passwords are never stored in plain text. Signed token mechanisms are used for authentication and password reset flows.

Secrets and Integration Keys

SMTP, payment, database, and third-party service keys are loaded through environment variables or secret management.

Security Disclosure

Contact

If you notice a vulnerability or suspicious behavior, you can report it with details to support@ratingradarsolution.com.

Responsible Reporting

Please share reproduction steps and impact details, and avoid public disclosure until we have had a chance to address the issue.

Contact

If you have further questions about security, data handling, or access controls, contact support@ratingradarsolution.com.

RatingRadar - Google Reviews Management