At Projecto, we take the security of your data seriously. We implement industry-standard security measures to protect your personal information, payment details, and digital assets. This page outlines our security practices and what you can do to help keep your account safe. Last updated: November 1, 2025.

In Transit

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS with TLS 1.2 or higher
• Secure APIs: All API communications are encrypted and authenticated
• Certificate Validation: We use valid SSL certificates to ensure secure connections

At Rest

• Database Encryption: Sensitive data is encrypted in our PostgreSQL database
• Password Hashing: Passwords are hashed using bcrypt with strong salt
• Secure Tokens: Session tokens and order tokens are cryptographically secure (64-character random strings)

PayU Money Integration

• PCI DSS Compliant: All payment processing is handled by PayU Money, a PCI DSS compliant payment gateway
• No Card Storage: We never store credit card numbers, CVV codes, or full card details on our servers
• Secure Redirect: Payments are processed on PayU's secure servers, not ours
• Transaction Verification: All payment callbacks are verified using cryptographic hashes
• Fraud Detection: PayU Money's built-in fraud detection systems protect your transactions

What We Store

We only store:

• Transaction ID and status
• Amount and currency
• Payment method type (not details)
• Timestamp of transaction

Secure Authentication

• Session Management: Secure PHP sessions with httpOnly and secure flags
• Password Requirements: Minimum 8 characters with complexity requirements
• Account Lockout: Protection against brute force attacks
• Secure Logout: Complete session termination on logout

Role-Based Access Control

• Admin Separation: Admin functions require elevated privileges
• User Isolation: Users can only access their own data
• Token-Based URLs: Order and download links use secure tokens instead of predictable IDs
• Permission Checks: Every action is validated against user permissions

Server Protection

• Web Application Firewall: Nginx configured with security best practices
• DDoS Protection: Rate limiting and traffic filtering
• Regular Updates: Operating system and software kept up-to-date with security patches
• Intrusion Detection: Monitoring for suspicious activities

Database Security

• Access Control: Database accessible only from application server
• Prepared Statements: All queries use parameterized statements to prevent SQL injection
• Backup & Recovery: Regular encrypted backups
• Audit Logging: Critical operations are logged

Secure Development

• Input Validation: All user inputs are validated and sanitized
• Output Encoding: XSS prevention through proper encoding
• CSRF Protection: Cross-Site Request Forgery tokens on forms
• Security Headers: Proper HTTP security headers configured
• Error Handling: Errors logged securely without exposing sensitive information

Code Security

• No Hardcoded Secrets: All credentials stored in environment variables
• Dependency Management: Regular updates of third-party libraries
• Security Audits: Regular code reviews for security issues

• Payment Verification: Downloads only available after successful payment
• Token Authentication: Secure tokens required for each download
• User Verification: Downloads restricted to the purchasing user
• Expiring Links: Download links can be time-limited if needed
• Access Logging: All download attempts are logged

Best Practices

• Strong Passwords: Use unique, complex passwords for your account
• Don't Share: Never share your login credentials with anyone
• Logout: Always logout when using shared computers
• Secure Connection: Avoid using public Wi-Fi for payments
• Keep Updated: Use updated browsers and operating systems
• Phishing Awareness: Be cautious of suspicious emails claiming to be from us

If You Suspect a Security Issue

Contact us immediately at security@projecto.in if you:

• Notice unauthorized access to your account
• Discover a security vulnerability
• Receive suspicious communications claiming to be from us
• Notice unusual account activity

Our Response

• We investigate all security reports promptly
• Affected users are notified in case of a breach
• We work to resolve issues quickly and transparently

• Data Protection: We comply with applicable data protection regulations
• Payment Standards: PCI DSS compliance through PayU Money
• Indian Laws: Compliance with Information Technology Act, 2000
• Regular Audits: Internal security audits and assessments

For security-related inquiries:

• Security Issues: security@projecto.in
• General Support: support@projecto.in
• Contact Form: projecto.in/contact