Security
Secure-by-Design Product Development
Security is not a feature we add at the end. It is part of how FRIXMA designs, builds, and operates every platform from the first line of code.
Our Security Practices
These practices apply across all FRIXMA platforms, with additional controls for enterprise products like WeldTracked.
HTTPS Everywhere
All FRIXMA platforms enforce HTTPS. Transport-level encryption is non-negotiable — no exceptions, no mixed content, no insecure fallbacks.
Role-Based Access Control
Access to data and functionality is controlled by role. Users, operators, administrators, and enterprise accounts each have clearly defined permission scopes.
Audit Logging
Sensitive operations across all platforms are logged with user identity, timestamps, and action context. Logs are immutable and retained for accountability.
Secure Authentication
FRIXMA platforms use industry-standard authentication mechanisms — hashed passwords, secure session tokens, and support for multi-factor authentication where appropriate.
Input Validation & Sanitization
All user inputs are validated at system boundaries. FRIXMA follows OWASP guidelines to prevent injection attacks, XSS, and other common vulnerabilities.
Data Privacy
FRIXMA collects only the data required to operate its platforms. User data is not sold to third parties. Privacy policies are clear and accessible.
Secret Management
API keys, database credentials, and other secrets are stored using environment-based secret management — never hardcoded in source code or repositories.
Backup Philosophy
Critical data is backed up regularly with verified restore procedures. For enterprise platforms like WeldTracked, data continuity is a core operational requirement.
Responsible Disclosure
If you have discovered a security vulnerability in any FRIXMA platform, we encourage responsible disclosure. Please contact us directly before making any findings public. We take all reports seriously and will respond as quickly as possible.
We do not pursue legal action against security researchers acting in good faith and following responsible disclosure practices.