Security and Privacy
How we protect your data and ensure a secure environment
Our Security Principle
We are committed to providing the highest level of security and privacy for all users of our website. Your security is our top priority.
We use advanced technologies and strict protocols to protect your personal data and ensure the integrity of our platform.
Robust Authentication and Authorization
To protect access to user accounts and administrative functions, we employ modern methods:
- JWT Authentication: Using JSON Web Tokens for secure and stateless user authentication.
- Password Hashing: All passwords are stored as cryptographic hashes using the bcrypt algorithm, making them unreadable and protected against breaches.
Data Protection
We take all necessary measures to protect your data from unauthorized access, alteration, or destruction:
- SQL Injection Prevention: All database queries are parameterized to prevent SQL injection attacks.
- Input Validation: All incoming data undergoes strict validation and sanitization to prevent XSS attacks and other vulnerabilities.
- File Upload Security: File uploads are strictly controlled with type and size validation to prevent the upload of malicious content.
Web Application Security
Our website is protected at the web application level using a comprehensive set of measures:
- HTTP Security Headers: Using Helmet.js to set security headers (HSTS, CSP, XSS Protection).
- CORS Policies: Configured Cross-Origin Resource Sharing policies to control access to resources.
- Rate Limiting: Limiting the frequency of requests to prevent denial-of-service (DDoS) attacks.
- SSL/TLS Encryption: All data transmitted between your browser and our server is encrypted using SSL/TLS.
Your Data Rights (152-FZ / GDPR)
You have the right to manage the personal data we hold about you:
- Right of access: you can request all information associated with your account by contacting us via email.
- Right to erasure: you can delete your account and all associated personal data through your profile settings. Public comments are anonymized to preserve discussion continuity.
- Right to rectification: any inaccuracies in your data can be corrected in your profile or by contacting us.
For questions about personal data processing, contact: admin@okrock.ru
Continuous Improvement
We constantly monitor for new security threats and update our systems to ensure maximum protection. Our team regularly conducts security audits and implements industry best practices.