1. Data protection

We protect your personal and account data with technical and organisational measures:

• Passwords: stored using industry-standard hashing (e.g. PHP password_hash with bcrypt/argon2). We never store or transmit plain-text passwords.
• Transport: the site is served over HTTPS (TLS) so data in transit is encrypted.
• Database: access is restricted, and sensitive data is stored in a controlled environment.
• Payment data: we do not store card numbers. Payments are processed by Stripe or PayPal; only tokens or references are stored where needed.

2. Access control

Access to the License Server (database, config, and hosting) is limited to authorised personnel. Access is logged and reviewed. We use strong authentication and principle of least privilege.

3. License keys and API

License keys are generated using cryptographically secure methods. The public validation and activation API does not expose sensitive personal data. API requests may be rate-limited and logged for abuse prevention.

4. Monitoring and incident response

We monitor the service for anomalies and security events. In the event of a suspected breach or incident, we will investigate, contain, and notify affected users and authorities where required by law. See our Privacy Policy for how we handle personal data.

5. Your part

You can help keep your account secure by:

• Using a strong, unique password and not sharing it.
• Logging out when using shared devices.
• Keeping your license keys confidential and only activating on sites you control.
• Reporting any suspected security issue to Apionline at ccer78@outlook.com.