Our Security Practices

Security Overview

At Wrench Defense, protecting your account and personal data is our highest priority. We have designed our system to ensure that your information remains safe from breaches and unauthorized access. Our robust security measures meet industry-leading standards to provide you with peace of mind as you safeguard your digital assets, and we collect only the absolute bare minimum of data needed to provide you with a functioning account with our service.

JWT Authentication & 2-Factor Authentication

We use JWT (JSON Web Tokens) for secure, stateless authentication. JWT security allows clients to transmit requests securely to our servers using a digitally signed token. Our implementation follows best practices by:

  • Signing tokens with secure algorithms (e.g., RS256) to prevent tampering.
  • Employing short-lived tokens that reduce the risk of unauthorized reuse.
  • Ensuring secure transmission over TLS protocols.

In addition, we support multiple forms of 2-Factor Authentication (2FA), including authenticator apps, e-mail, and more, to provide an extra layer of protection for your account.

Adhering to OWASP Guidelines & 12-Factor Best Practices

We follow the guidelines set forth by the Open Web Application Security Project (OWASP) to defend against the most common vulnerabilities, such as cross-site scripting (XSS), SQL injection, and CSRF. Our practices include:

  • Strict input validation and error handling.
  • Implementation of secure headers and content policies.
  • Regular security audits and vulnerability assessments.

Moreover, our application is built using the principles of the 12-Factor App methodology, ensuring that our code, configuration, and environment are separated, making our system more secure, scalable, and easy to maintain.

Secure Payment Processing

We understand that payment security is crucial. For subscription payments, we work exclusively with trusted third-party providers:

  • Stripe: A leader in online payment processing, Stripe follows strict PCI compliance and security standards, handling your payment data securely.
  • Radom: A leader in cryptocurrency-based payments, Radom ensures that subscription payments are processed in a highly secure environment with minimal data exposure.

We share only the absolutely necessary information with these providers, and we never sell or share your personal data with any third party beyond what is required for payment processing.

Our Commitment to Your Privacy

At Wrench Defense, we are committed to protecting your privacy. Beyond securing your account with state-of-the-art authentication and following the best practices in software security, we ensure that your data is handled responsibly. Your information is only shared with trusted partners for vital service functions. We continually review and update our security protocols to adhere to evolving industry standards and maintain the trust you place in us.