We do the unglamorous work so the public scan stays fast and your workspace stays calm. We're also honest about audits we haven't paid for yet.
Eight controls that are live in production today.
CSP headers tightened on every public scan page. Frame embedding blocked. Form actions locked to first-party and approved payment origins.
Per-IP rate limits. Auth endpoints: 10/min/IP. QR generation: 30/min/IP. Public scan ingestion: 120/min/IP. Billing webhooks: 300/min/IP.
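The per-IP limits above, as a fixed-window limiter. This is an added example, not the site's own middleware: the per-minute figures are the ones stated above, while the route-group names, the injectable clock and the header names are assumptions.

```python
"""Per-IP, per-route fixed-window rate limiter (added example, not the site's own code).

The per-minute limits are the ones stated on the page; the route-group names,
the clock injection and the response headers are assumptions.
"""
import math
import time
from collections import defaultdict

# Requests allowed per client IP per 60-second window, per route group (figures from the page).
LIMITS = {
    "auth": 10,              # login, signup, password reset
    "qr": 30,                # QR generation
    "scan": 120,             # public scan ingestion
    "billing_webhook": 300,  # payment-provider callbacks
}
WINDOW_SECONDS = 60


class RateLimiter:
    def __init__(self, limits=LIMITS, window=WINDOW_SECONDS, clock=time.time):
        self.limits = limits
        self.window = window
        self.clock = clock  # injectable so tests can control time
        # (route, ip) -> [window_start, requests_seen_in_window]
        self._buckets = defaultdict(lambda: [0.0, 0])

    def check(self, route, ip):
        """Count one request. Returns (allowed, remaining, retry_after_seconds)."""
        limit = self.limits[route]
        now = self.clock()
        bucket = self._buckets[(route, ip)]
        if now - bucket[0] >= self.window:  # window expired (or first request): reset
            bucket[0], bucket[1] = now, 0
        if bucket[1] >= limit:
            retry_after = max(1, math.ceil(bucket[0] + self.window - now))
            return False, 0, retry_after
        bucket[1] += 1
        return True, limit - bucket[1], 0

    def respond(self, route, ip):
        """Map the decision to the HTTP status and headers a middleware would emit."""
        allowed, remaining, retry_after = self.check(route, ip)
        headers = {
            "X-RateLimit-Limit": str(self.limits[route]),
            "X-RateLimit-Remaining": str(remaining),
        }
        if not allowed:
            headers["Retry-After"] = str(retry_after)
            return 429, headers
        return 200, headers


if __name__ == "__main__":
    # 203.0.113.0/24 is a documentation range; the address is constructed.
    rl = RateLimiter()
    for i in range(12):
        print(i + 1, rl.respond("auth", "203.0.113.5"))
```

Buckets are keyed by (route, IP), so exhausting the auth budget does not touch the same client's scan budget, and a different IP starts with a full window. An in-process dict never evicts old buckets; a deployment with more than one application instance would keep the same counters in a shared store with a TTL equal to the window.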
Image uploads validated by file signature (JPEG, PNG, GIF, WEBP), never trusting the browser-claimed MIME type. Mismatches rejected before disk write.
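The signature check described above, as an added example rather than the site's own upload code. The four formats are the ones listed; the 12-byte probe length, the function names and the rejection exception are assumptions.

```python
"""Image upload validation by file signature (magic bytes).

Added example, not the site's own code. The four formats are the ones the page
lists; the probe length, function names and exception type are assumptions.
"""
import io

PROBE_LEN = 12  # enough bytes for the longest signature below (RIFF....WEBP)

# Browsers occasionally send this non-standard type; normalise it before comparing.
ALIASES = {"image/jpg": "image/jpeg"}


def sniff_image_type(head):
    """Return the MIME type implied by the leading bytes, or None if unrecognised."""
    if head.startswith(b"\xff\xd8\xff"):            # JPEG SOI marker
        return "image/jpeg"
    if head.startswith(b"\x89PNG\r\n\x1a\n"):       # PNG 8-byte signature
        return "image/png"
    if head[:6] in (b"GIF87a", b"GIF89a"):          # GIF header + version
        return "image/gif"
    if len(head) >= 12 and head[:4] == b"RIFF" and head[8:12] == b"WEBP":
        return "image/webp"                          # RIFF container with WEBP form type
    return None


class UploadRejected(ValueError):
    pass


def validate_image_upload(stream, claimed_mime):
    """Check the bytes before anything is written to disk.

    Rejects unknown signatures and any disagreement between the browser-claimed
    Content-Type and what the bytes say. Returns the detected MIME type and
    rewinds the stream so the caller can persist it.
    """
    head = stream.read(PROBE_LEN)
    detected = sniff_image_type(head)
    if detected is None:
        raise UploadRejected("unsupported or unrecognised image signature")
    claimed = claimed_mime.lower().split(";")[0].strip()
    if ALIASES.get(claimed, claimed) != detected:
        raise UploadRejected(f"claimed {claimed_mime!r} but bytes are {detected}")
    stream.seek(0)
    return detected


def check_bytes(data, claimed_mime):
    """Convenience wrapper over a bytes object; returns the MIME type, or None if rejected."""
    try:
        return validate_image_upload(io.BytesIO(data), claimed_mime)
    except UploadRejected:
        return None


# Constructed sample inputs: minimal headers only, not real image files.
SAMPLES = {
    "png":  b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 8,
    "gif":  b"GIF89a" + b"\x00" * 6,
    "webp": b"RIFF\x00\x00\x00\x00WEBP" + b"VP8 ",
    "svg":  b"<svg xmlns='http://www.w3.org/2000/svg'>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        try:
            print(name, "->", validate_image_upload(io.BytesIO(data), "image/" + name))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

Two rejections matter in practice: a file whose bytes are not one of the four formats (the SVG sample, which is text and could carry script), and a file whose bytes are a valid format that disagrees with the claimed type. Both are refused before any disk write, which is the property the control above promises.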
Managed Postgres in Frankfurt, Germany. Daily backups. Named infrastructure, email, and payment sub-processors documented for customers.
One-click JSON export of every workspace record. Account deletion with typed confirmation. Hashed IP storage, no raw IP logs, no third-party trackers in the dashboard.
Billing events deduped at the database layer to prevent double-billing on retries. Each event ID is written once; replays return 200 without re-running side effects.
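The write-once event ID described above, as an added example that is not the site's own webhook handler. SQLite in memory stands in for the managed Postgres; the table names, columns and event shape are assumptions.

```python
"""Idempotent billing-webhook processing with database-level dedup.

Added example, not the site's own code. SQLite in memory stands in for
Postgres; table names, columns and the event shape are assumptions.
"""
import sqlite3


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        -- The PRIMARY KEY is the whole mechanism: a second insert of the same
        -- event_id fails, so two concurrent deliveries cannot both win.
        CREATE TABLE processed_events (
            event_id    TEXT PRIMARY KEY,
            received_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
        );
        CREATE TABLE invoices (
            id           INTEGER PRIMARY KEY AUTOINCREMENT,
            customer     TEXT NOT NULL,
            amount_cents INTEGER NOT NULL
        );
    """)
    return conn


def handle_billing_webhook(conn, event):
    """Apply the event once; replays are acknowledged with 200 and do nothing."""
    try:
        with conn:  # one transaction: claim the event id AND apply the side effect
            conn.execute("INSERT INTO processed_events (event_id) VALUES (?)",
                         (event["id"],))
            if event["type"] == "invoice.paid":
                conn.execute("INSERT INTO invoices (customer, amount_cents) VALUES (?, ?)",
                             (event["customer"], event["amount_cents"]))
    except sqlite3.IntegrityError:
        # Duplicate event_id: a provider retry or replay. 200 tells it to stop retrying.
        return 200, "duplicate"
    # If the side effect raises, the rollback also discards the claim, so a later
    # retry can process the event instead of being swallowed as a duplicate.
    return 200, "processed"


def invoice_count(conn):
    return conn.execute("SELECT COUNT(*) FROM invoices").fetchone()[0]


def run_demo():
    conn = open_db()
    # Constructed sample events; the IDs mimic a provider's format but are not real.
    paid = {"id": "evt_constructed_001", "type": "invoice.paid",
            "customer": "cus_demo", "amount_cents": 4900}
    results = [
        handle_billing_webhook(conn, paid),
        handle_billing_webhook(conn, paid),  # provider retry of the same delivery
        handle_billing_webhook(conn, dict(paid, id="evt_constructed_002")),
    ]
    return results, invoice_count(conn)


if __name__ == "__main__":
    print(run_demo())
```

The claim and the side effect share one transaction. Claiming the ID first and applying the side effect in a separate transaction would leave a window where a crash records the event as handled without ever billing it; doing them together means either both persist or neither does.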
Bcrypt password hashing, server-side session validation, signed session cookies. Email verification flow available, no SMS. SSO/OAuth on the roadmap.
Public /01/{gtin} pages set zero cookies and run no third-party scripts. Hashed-IP analytics only. Honoured Global Privacy Control on first visit.
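Hashed-IP storage (mentioned in the export and deletion control above) and the hashed-IP analytics with Global Privacy Control on the public scan pages, as one added example that is not the site's own code. It goes one step beyond a plain "hashed IP": the hash is keyed with a per-day derived key, so a stored value cannot be brute-forced back to an IPv4 address without the secret, and identifiers do not link across days. The Sec-GPC header handling, the record shape, the GTIN and the secret are assumptions.

```python
"""Visitor analytics for public /01/{gtin} pages without raw IP storage.

Added example, not the site's own code. Uses a keyed, day-scoped hash rather
than a plain digest (an assumption beyond the page's wording). The Sec-GPC
header handling, record shape and secret are assumptions.
"""
import datetime
import hashlib
import hmac
import ipaddress


def daily_key(secret, day_iso):
    """Derive the per-day hashing key; the master secret never touches the records."""
    return hmac.new(secret, day_iso.encode(), hashlib.sha256).digest()


def hash_ip(ip, secret, day_iso):
    """Keyed, day-scoped IP pseudonym. Malformed addresses raise ValueError."""
    packed = ipaddress.ip_address(ip).packed  # canonical bytes, IPv4 or IPv6
    return hmac.new(daily_key(secret, day_iso), packed, hashlib.sha256).hexdigest()[:32]


def gpc_opted_out(headers):
    """Global Privacy Control is signalled by the request header 'Sec-GPC: 1'.

    Assumes header names were normalised to this spelling by the framework.
    """
    return headers.get("Sec-GPC", "").strip() == "1"


def record_scan(store, gtin, ip, headers, secret, day_iso):
    """Append one analytics event. Never stores the raw IP; with GPC, no visitor key at all."""
    event = {"gtin": gtin, "day": day_iso}
    if not gpc_opted_out(headers):
        event["visitor"] = hash_ip(ip, secret, day_iso)
    store.append(event)
    return event


if __name__ == "__main__":
    # Constructed values: documentation IP range, a placeholder secret, a sample GTIN.
    secret = b"constructed-demo-secret"
    today = datetime.date.today().isoformat()
    store = []
    print(record_scan(store, "09506000134352", "203.0.113.5", {}, secret, today))
    print(record_scan(store, "09506000134352", "203.0.113.5", {"Sec-GPC": "1"}, secret, today))
```

Same address on the same day gives the same pseudonym, which is what makes unique-visitor counts possible; a different day or a different address gives an unrelated value. With Sec-GPC set, the scan is still counted against the GTIN but carries no visitor identifier at all.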
If any of these is a deal-breaker for your procurement, we'd rather you know before signup than after.