Security at esdecode
We take the security of your account, payments and purchases seriously. This page explains how we protect the platform and how to report a vulnerability responsibly.
How we protect the platform
- Payments. Card payments are processed by Stripe. We never see or store full card details.
- Downloads. Product files are served through authorized, time-limited links tied to a valid purchase — they are not publicly accessible.
- Accounts. Passwords are hashed, sessions are protected, and sensitive actions require server-side authorization.
- Data in transit. The site is served over HTTPS, with the canonical host enforced.
Reporting a vulnerability
If you believe you've found a security issue, please report it to us privately so we can fix it before it's disclosed. Email info@esdecode.com with:
- A description of the issue and its potential impact
- Steps to reproduce (proof-of-concept where possible)
- Any relevant URLs, requests or screenshots
Please give us a reasonable time to investigate and remediate before any public disclosure, and avoid accessing or modifying other users' data, degrading the service, or running automated high-volume scans.
Scope
Testing should target only your own account and content. Do not attempt denial-of-service, social engineering of our staff or users, or physical attacks. Issues in third-party services we rely on (such as Stripe) should be reported to those providers directly.
Buying securely
When evaluating products, prefer items with documentation and full source you can review. Our guides on WordPress plugin security and auditing a Laravel script cover what to check before you install third-party code.
Related marketplace policies
For review scope, refund handling and buyer expectations, also see Content Review Process, Buyer Protection and the Refund Policy.