Security & Trust Center
How DFV Digital Hub protects authors, buyers, and the platform.
All data in transit is protected via TLS 1.3. Authentication tokens are never stored in plain text.
After 3 minutes of inactivity, sessions are terminated to prevent unauthorized access on shared devices.
Right-click, text selection, copy, and common screenshot shortcuts are blocked inside preview areas.
Every preview and download is burned with the viewer's name and email, making leaks traceable.
Hosted on modern edge infrastructure with automated vulnerability scanning and zero-trust networking.
Built under the Data Privacy Act (RA 10173), E-Commerce Act (RA 8792), and IP Code (RA 8293).
Security Practices
- Passwords are never logged or stored in recoverable form.
- Admin actions are logged and auditable.
- Third-party payment integration uses tokenized credentials (no raw card data touches our servers).
- Regular dependency audits via automated vulnerability scanning.
- Database access is restricted to authorized personnel only.
Responsible Disclosure
If you discover a security vulnerability, please report it to security@dfvhub.ph. We commit to acknowledging reports within 48 hours and resolving confirmed issues within 30 days. We do not pursue legal action against researchers who act in good faith.
Compliance Certifications
DFV Digital Hub is designed to meet the requirements of Philippine data-protection law. We are actively working toward alignment with ISO 27001 and SOC 2 Type II standards as the platform matures.