Last updated · June 2026

Security

Security is foundational to RareCord. Here's an overview of how we protect accounts, orders, and data.

01 Account protection

Passwords are hashed with bcrypt, sessions use signed httpOnly cookies, and two-factor authentication (TOTP) is available. Repeated failed sign-ins trigger temporary lockouts.

02 Device & session management

Every sign-in is tracked with device and location metadata. You can review active sessions and revoke any device from your settings at any time.

03 Platform hardening

Cloudflare Turnstile, rate limiting, anti-bot and anti-spam protection, CSRF protection, and strict input validation guard every sensitive endpoint.

04 Audit logging

Security-relevant actions — sign-ins, password changes, 2FA changes, and admin actions — are recorded in an immutable audit trail.

05 Responsible disclosure

Found a vulnerability? Contact us through live support. We review every report and prioritize fixes based on impact.

Questions about this policy? Reach us anytime via live support.