Fight Club Tech

Security

Last updated: October 17, 2025

Our Commitment to Security

At Fight Club Tech, we take the security of your data seriously. We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

Infrastructure Security

Hosting and Network

  • Secure Hosting: Our platform is hosted on enterprise-grade infrastructure with a 99.9% uptime SLA
  • DDoS Protection: Cloudflare protection against distributed denial-of-service attacks
  • SSL/TLS Encryption: All data transmission uses industry-standard encryption (TLS 1.3)
  • Regular Security Audits: Quarterly third-party penetration testing and vulnerability assessments

Database Security

  • Encryption at Rest: All database storage encrypted using AES-256
  • Encryption in Transit: SSL-only connections to database servers
  • Access Controls: Role-based access control (RBAC) following the principle of least privilege
  • Automated Backups: Daily encrypted backups with 30-day retention

Application Security

Authentication

  • Multi-Factor Authentication (MFA): Optional MFA for all accounts
  • Password Requirements: Minimum 8 characters with complexity requirements
  • Session Management: Secure session handling with automatic timeout
  • OAuth Support: Secure third-party authentication via trusted providers

Authorization

  • Role-Based Access Control: Fine-grained permissions for different user roles
  • API Security: JWT-based authentication for all API requests
  • Rate Limiting: Protection against abuse and brute-force attacks

Data Protection

  • Input Validation: All user input sanitized and validated
  • SQL Injection Prevention: Parameterized queries and ORM usage
  • XSS Protection: Content Security Policy and output encoding
  • CSRF Protection: Token-based protection for state-changing operations

Operational Security

  • Security Monitoring: 24/7 automated monitoring and alerting
  • Incident Response: Documented incident response procedures and team
  • Security Updates: Automatic security patches applied within 48 hours
  • Employee Training: Regular security awareness training for all staff
  • Background Checks: All employees undergo background verification
  • Confidentiality Agreements: All staff sign NDAs and data protection agreements

Compliance and Standards

We adhere to industry best practices and compliance standards:

  • GDPR: General Data Protection Regulation compliance for EU data
  • CCPA: California Consumer Privacy Act compliance
  • SOC 2 Type II: Working towards certification
  • OWASP Top 10: Protection against common web vulnerabilities

Your Responsibilities

Security is a shared responsibility. To protect your account:

  • Use a strong, unique password
  • Enable multi-factor authentication
  • Never share your login credentials
  • Log out from shared devices
  • Report suspicious activity immediately
  • Keep your contact information up to date

Reporting Security Issues

If you discover a security vulnerability or have security concerns, please report them responsibly:

Security Contact

We appreciate responsible disclosure and will acknowledge receipt of your report, investigate promptly, and keep you informed of our progress. We do not currently offer a bug bounty program but may provide recognition for significant findings.

Security Updates

We will notify affected users in the event of a data breach or security incident that may impact their personal information, in accordance with applicable laws and regulations.

Third-Party Services

We carefully vet all third-party services we use. Our key security partners include:

  • Clerk: Enterprise-grade authentication and user management
  • Neon: Serverless Postgres with encryption at rest and in transit
  • Cloudflare: DDoS protection and web application firewall
  • Vercel: Secure edge deployment infrastructure

Questions?

If you have questions about our security practices, please contact us at: