Account Security
- bcrypt-12 password hashing
Passwords are never stored in plain text. We use bcrypt with cost factor 12 — far above the industry minimum.
- JWT + httpOnly refresh-token cookies
Access tokens live in memory only; refresh tokens are set as httpOnly, Secure, SameSite=Lax cookies — invisible to JavaScript on the page.
- Per-device session model
Every login creates an independent device session. You can view active sessions and revoke any device from your profile security tab at any time.
- Two-factor authentication (TOTP)
Optional TOTP 2FA is available for all accounts via any authenticator app (Google Authenticator, Authy, etc.).
- OTP brute-force protection
OTP verification endpoints are rate-limited, and codes are checked with a timing-safe comparison so that response time does not reveal how much of a guess was correct, preventing enumeration attacks.
- Admin step-up auth
Destructive admin actions (bulk deletes, role changes) require a fresh OTP challenge regardless of current session age.
Data & Privacy
- DPDP-aligned data exports
You can request a full JSON export of your personal data or permanent account deletion from your account settings. Deletion cascades to bookings, messages, and analytics.
- AES-256 PII encryption at rest
Sensitive fields (phone numbers, health records, vet notes) are encrypted before storage. The encryption key lives in environment config, separate from the database.
- No third-party ad tracking
We do not sell your data and do not embed ad-network trackers. Analytics events are first-party only.
- Consent-gated Mixpanel analytics
Behavioural analytics are sent to Mixpanel only after explicit consent. You can withdraw consent at any time from your privacy settings.
- AI prompt-injection guard
All symptom-checker and AI-chat prompts are wrapped in a structured envelope so user input cannot escape the instruction context and manipulate the model.
Payment Security
- No card data ever touches Faunato servers
All card payments flow through Razorpay and Stripe, both of which are PCI DSS Level 1 certified. Faunato never sees, stores, or logs your card number.
- 3DS / SCA enforced
Subscriptions use Razorpay 3DS authentication. Stripe payments support Strong Customer Authentication (SCA) for European cardholders.
- Idempotent payment operations
Every payment and refund operation carries a unique idempotency key so a duplicate request (network retry, double-tap) never charges you twice.
- Webhook signature verification
All Stripe and Razorpay webhook payloads are verified against a shared HMAC secret before any state change is applied.
- Paw Stars wallet audit log
Every star credit and debit is recorded in an immutable ledger with refId-based deduplication. You can view your full transaction history at any time.
Infrastructure & API
- Rate limiting on all user-facing endpoints
API endpoints are rate-limited per IP and per authenticated user. Burst allowances depend on the sensitivity of the action (auth, AI, and payment endpoints have stricter limits).
- CORS and CSP headers
Cross-Origin Resource Sharing is restricted to known origins. A Content-Security-Policy header limits script injection vectors.
- HSTS enforced
HTTP Strict Transport Security is set on all responses so browsers always upgrade to HTTPS, even on first visit.
- Mass-assignment protection
All API inputs are validated against an explicit Joi schema. Object spread from req.body directly onto model attributes is never used.
- SQL / NoSQL injection prevention
Queries use Waterline ORM parameterised methods; no raw string interpolation into queries. Free-text search inputs are length-bounded and passed through Waterline's `contains` (safe regex) operator.
- Audit log for all admin actions
Every destructive admin action (suspension, deletion, role change, config edit) is recorded in an append-only AdminLog collection visible in the admin audit dashboard.
Responsible Disclosure
We welcome security researchers. If you discover a vulnerability, please report it responsibly before public disclosure. We commit to acknowledging valid reports within 2 business days and to working with you on a fix.
Questions about our security or privacy practices? Contact us or read our Privacy Policy.