Security

We know that privacy is fundamental when it comes to such a sensitive topic. That is why security is not an additional feature at Firmo90 -- it is the foundation of everything we build.

End-to-End Encryption

All communications between your device and our servers are protected by TLS 1.3. Sensitive personal data receives an extra layer of AES-256 encryption in the database, ensuring that even in case of unauthorized access, your data remains unreadable.

Privacy by Design

You do not need to use your real name. Choose a nickname and an avatar. Your progress is 100% private -- no one can see your data. In the community, you share only what you want, when you want. No third-party tracking, no data selling.

Secure Authentication

Passwords are stored with bcrypt hashing using unique salts. Short-lived JWT tokens ensure sessions expire automatically. Protection against brute-force attacks with intelligent rate limiting on all authentication routes.

Regular Audits

We perform periodic security reviews of our infrastructure and code. 24/7 monitoring to detect suspicious activities. Access logs are securely maintained for incident investigation.

LGPD Compliance

We are fully compliant with Brazil's General Data Protection Law (LGPD). You can access, correct, export, and delete all your data at any time. Full transparency about how your data is used.

Responsible Disclosure

We maintain an open channel for security researchers to report vulnerabilities responsibly. If you find a security issue, contact seguranca@firmo90.com. We value and acknowledge contributions from the security community.

Have questions about our security? Contact us at contato@firmo90.com and we will be happy to answer your questions.