Security policy.
How we protect your data, payments, and content — and how to report a vulnerability.
Last updated July 2026
Sections
Our Commitment
Security is foundational to DigiOne. Creators trust us with their income and content; buyers trust us with their payments and personal data. We treat both as non-negotiable responsibilities and design every feature with security in mind from day one.
Infrastructure & Encryption
• All traffic is encrypted in transit with TLS 1.2+ — there is no unencrypted access to the platform.
• Data is encrypted at rest with AES-256 on our database and storage infrastructure.
• The platform runs on hardened, SOC 2-compliant cloud infrastructure with isolated environments for production.
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
Payment Security
• All payments are processed by an RBI-regulated Indian payment gateway. Card and UPI details go directly to the gateway — DigiOne never stores your card numbers, CVV, or UPI PIN.
• Payment confirmations are verified server-side with cryptographic signatures before any order is marked paid.
• Creator payouts go through verified bank accounts after KYC verification.
Account Security
• Passwords are hashed with industry-standard algorithms — we can never read your password.
• Google sign-in is supported via OAuth 2.0 with PKCE, so your Google credentials never touch our servers.
• Sessions are managed with short-lived, signed tokens that refresh automatically and can be revoked by signing out.
• We recommend using a strong, unique password and enabling 2-step verification on your email account.
Data Protection & Access Control
• Every database query is governed by row-level security — creators can only access their own data, and buyers can only access their own purchases.
• Private content (deliverables, KYC documents) lives in private storage buckets, accessible only through short-lived signed URLs minted after an ownership check.
• Internal access to user data is limited, logged, and reviewed.
Content Protection
• Digital products are delivered through time-limited download links tied to verified purchases.
• Download access requires an authenticated session and a purchase record — links cannot be shared indefinitely.
• We act on takedown and piracy reports — contact us if you find your content redistributed without permission.
Responsible Disclosure
Found a vulnerability? We want to hear from you — before anyone else does.
• Email security@digione.ai with a description, steps to reproduce, and impact assessment.
• Please do not access other users' data, disrupt the service, or publicly disclose the issue before we've had a chance to fix it.
• We aim to acknowledge reports within 48 hours and resolve confirmed issues promptly. Good-faith research conducted under this policy will not result in legal action.
Contact
For security concerns or vulnerability reports, contact security@digione.ai. For general privacy questions, see our Privacy Policy or write to privacy@digione.ai.
Found a vulnerability?
Report it privately to security@digione.ai — we acknowledge reports within 48 hours.