Legal
Security
We take the security of your account and data seriously. This page describes the technical measures in place and how to report a vulnerability.
Infrastructure Security
Transport
TLS 1.2+ enforced
Email Authentication
SPF · DKIM · DMARC
Password Storage
Bcrypt hashed
Payment Data
Stripe — not stored by us
Database Access
Localhost-only, no public port
Admin Routes
Caddy IP-gated
What We Do
- All traffic between your browser and our platform is encrypted using TLS. HTTP connections are automatically redirected to HTTPS.
- Passwords are hashed using bcrypt before storage. We never store plaintext passwords.
- Database access is restricted to localhost — no external network exposure.
- Admin and analytics endpoints are restricted at the reverse proxy level to authorized IPs only.
- Email sending is authenticated with SPF, DKIM, and DMARC to prevent spoofing.
- Payment card data is handled exclusively by Stripe and is never transmitted to or stored by our systems.
- Session tokens are scoped to authenticated accounts and expire on logout.
What We Don't Do
- We do not store payment card numbers or CVVs.
- We do not share subscriber data with advertisers or data brokers.
- We do not log full request bodies containing sensitive input fields.
- We do not use third-party analytics scripts on the platform dashboard.
Responsible Disclosure
If you discover a security vulnerability in VĪQNG Intelligence, we ask that you disclose it to us responsibly before making it public. To report a vulnerability:
- Email: security@viqng.com
- Include a clear description of the vulnerability and steps to reproduce it.
- We will acknowledge your report within 48 hours and work to address confirmed vulnerabilities promptly.
We do not operate a formal bug bounty program at this time but we genuinely appreciate responsible disclosure and will acknowledge contributors where appropriate.
Scope
In-scope for responsible disclosure:
- Authentication and authorization flaws on viqng.com
- Data exposure vulnerabilities affecting subscriber records
- Injection vulnerabilities (SQL, XSS, etc.) on platform endpoints
Out of scope: denial-of-service attacks, social engineering, physical security, or issues in third-party dependencies outside our control.
Contact
Security: security@viqng.com