General Security & Compliance Overview

How we protect your data and ensure system reliability

1. Data Protection Basics

We take the protection of customer and partner data seriously.

  • Encryption in Transit: All connections use HTTPS/TLS 1.2+ to secure data moving between users, systems, and APIs.
  • Encryption at Rest: Cloudflare KV, D1, and MongoDB (when used) store data with encryption enabled by default.
  • No Unnecessary Data Retention: We store only the minimum data needed to operate, and we offer deletion upon request.

2. Access Controls

We limit who can see and modify sensitive data.

  • Role-Based Access: Only authorized personnel have access to system configurations.
  • Multi-Factor Authentication (MFA): Required for all internal admin accounts.
  • Audit Logging: All administrative access is logged for accountability.

3. System Reliability & Availability

We ensure the service is resilient and consistently available.

  • Cloudflare Workers Edge Network: High uptime, globally distributed performance.
  • Rate Limiting & Abuse Protection: Automated systems prevent overuse and malicious traffic.
  • Monitoring & Alerts: System uptime and anomalies are tracked in real time.

4. Incident Response

If something goes wrong, we're ready to act quickly.

  • Incident Playbooks: Pre-defined response plans for downtime, data exposure, or abuse.
  • 24/7 Escalation Path: Key issues trigger immediate alerts to engineering.
  • Transparency: Customers are notified of material incidents without delay.

5. Payment Security (Stripe)

We partner with Stripe to handle all payments securely.

  • PCI DSS Level 1 Certified: Stripe maintains the highest security certification for handling credit cards.
  • No Local Card Storage: AHP MOD systems never store or process credit card numbers.
  • Fraud Prevention: Stripe Radar and 3D Secure authentication reduce chargeback risks.
  • End-to-End Encryption: Card data is tokenized and encrypted before leaving the customer's browser.

6. Compliance Foundations

We align with widely recognized security best practices.

  • Cloudflare Security Model: Built on Cloudflare's trusted infrastructure with built-in DDoS protection and bot management.
  • Privacy Compliance: Baseline adherence to GDPR (data rights) and CCPA (opt-outs) in how we handle personal data.
  • Annual Review: Internal security policies and practices are re-evaluated yearly.

7. Passwords & Authentication

We make sure account logins are as secure as possible.

  • Strong Passwords: Encouraged for all users, with technical checks to prevent weak passwords.
  • Two-Step Login: MFA available to add another layer of protection.
  • Password Storage: Credentials, when stored, are salted and hashed using industry-standard methods.

8. User Privacy

We treat customer information with respect and confidentiality.

  • Data Use Transparency: Personal data is only used to provide contracted services.
  • No Selling of Data: Customer data is never sold to third parties.
  • Customer Control: Users can request data exports or deletion at any time.

9. Regular Updates & Maintenance

We keep our systems protected against evolving threats.

  • Patch Management: Security updates are applied promptly to all dependencies and infrastructure.
  • Routine Audits: Regular reviews of code and infrastructure to identify and address vulnerabilities.
  • Continuous Improvement: Security practices evolve as industry standards improve.