The Forge
BlogSign InGet Started

Security

Last updated: 2025-01-01

Our Commitment

At Converta PM, security is a core part of how we build and operate Converta PM. We take the protection of your data seriously and implement multiple layers of defence to keep your information safe.

Authentication and Access Control

  • JWT-based authentication with secure token handling
  • Passwords hashed using industry-standard algorithms (bcrypt)
  • Role-based access control (RBAC) for fine-grained permissions
  • Automatic session expiry and refresh token rotation
  • Optional social authentication via trusted OAuth providers

Data Protection

  • All data encrypted in transit using TLS 1.2+
  • Database encryption at rest
  • Regular automated backups with secure storage
  • Strict data access controls limiting who can access production data
  • Data isolation between user accounts

Infrastructure Security

  • Hosted on reputable cloud infrastructure with SOC 2 compliance
  • Rate limiting to prevent abuse and DDoS attacks
  • Input validation and sanitisation to prevent injection attacks
  • CORS policies restricting cross-origin requests
  • Security headers (CSP, HSTS, X-Frame-Options) on all responses
  • Regular dependency vulnerability scanning

Application Security

  • Protection against OWASP Top 10 vulnerabilities
  • Parameterised queries preventing SQL injection
  • Output encoding preventing cross-site scripting (XSS)
  • CSRF protection on state-changing operations
  • Secure cookie configuration (HttpOnly, Secure, SameSite)

Monitoring and Incident Response

  • Structured application logging for security events
  • Error tracking and alerting for anomalous behaviour
  • Defined incident response procedures
  • Regular security reviews of code and infrastructure

Responsible Disclosure

If you discover a security vulnerability in Converta PM, we encourage you to report it responsibly. Please contact us at [email protected] with details of the vulnerability. We commit to acknowledging your report within 48 hours and will work with you to understand and address the issue promptly.

Questions

If you have questions about our security practices, please contact us at [email protected].

BlogChangelog

© 2026 The Forge. All rights reserved.