Information Security

Security Measures

• Our team develops code with the OWASP Top Ten Web Application Security Risks in mind.

User Authentication

• Passwords are hashed using the BCrypt algorithm and stored in the database.
• In motion: All communication to and from our servers uses HTTPS TLS 1.2.

Encryption and Storage

• Production data is stored and hosted on secure private servers located in the United States.
• Production servers use the latest industry-standard cPanel with CSF firewall, cPHulk, and other security tools. Updates are automatic and professionally maintained.
• We utilize external vulnerability scanning tools to identify issues such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal, and insecure server configuration.

Database and Code Access

• Access to the underlying database and code is restricted to authorized developers within our technical team.
• User information we collect and store is governed by our Privacy Policy.

TapContact NFC Business Cards

The purpose of the TapContact NFC Business Cards is to share publicly viewable profiles with other users. To ensure only the intended details are shared, we employ the following mechanics:

• Links are served with hashed URIs that are public but difficult to guess or brute force.
• Information shared on the profile is clearly identified when editing the profile.
• Any information entered into the profile must be considered publicly available.
• We do not support or recommend storing sensitive data on the platform.

Contact Us

If you have any security concerns, please contact us at sales@tapcontact.com.au.