newyorkrecordclub.com · Security
We take the security of our website and the data you share with us seriously. Below is a summary of the measures we have in place.
All traffic between your browser and our servers is encrypted using HTTPS. We enforce secure transport and set appropriate headers to prevent downgrade attacks.
Authentication is handled through Manus OAuth. Sessions are signed and short-lived. Protected routes require a valid session; unauthenticated requests are rejected before reaching any data.
We apply server-side rate limiting to all endpoints to reduce the risk of brute-force and denial-of-service attempts.
All data submitted through forms and APIs is validated and sanitized on the server before processing or storage. We do not trust client-supplied values.
Payment processing is handled entirely by Stripe. We do not store card numbers or payment credentials. Authentication is delegated to Manus OAuth. Hosting and CDN are provided by Cloudflare.
If you believe you have found a security vulnerability, please report it privately to [email protected]. We will acknowledge your report promptly and work to address confirmed issues. We ask that you give us reasonable time to respond before any public disclosure.