Our approach
Tebrix is built for creators who trust us with storefront designs and account access. We use industry-standard practices for authentication, transport security, and access control, and we review our systems as the product evolves.
Account protection
- Sign-in through established authentication providers where applicable
- Session management with secure cookies and server-side validation
- Role-based access for admin and impersonation features, limited to authorized operators
Data in transit and at rest
- HTTPS for all web traffic to Tebrix applications
- Encrypted connections to integrated services where supported
- Database and file storage hosted with reputable cloud providers
Application security
- Input validation and safe rendering to reduce injection and XSS risk in editor output
- Principle of least privilege for internal tools and API access
- Monitoring for errors and abuse patterns
Your responsibilities
You can help keep your account secure by:
- Using a strong, unique password and enabling available account protections
- Not sharing credentials or API keys
- Reviewing who has access to your Tebex store and Tebrix team settings
- Reporting suspicious activity promptly
Reporting a vulnerability
If you believe you have found a security issue, please report it responsibly. Do not publicly disclose vulnerabilities before we have had a reasonable chance to address them.
Contact us via Discord with details sufficient to reproduce the issue. We appreciate good-faith reports and will work with you on remediation.
Incident response
If we become aware of a breach affecting customer data, we will investigate, mitigate, and notify affected users and regulators as required by applicable law.
Related policies
See also our Privacy Policy and Terms of Service.