Security Measures
GuroHero implements multiple layers of security:
- HTTPS/SSL Encryption: All data in transit is encrypted using TLS 1.2 or higher
- Database Encryption: All data at rest in Firebase Firestore is encrypted
- Authentication: Google OAuth 2.0 for secure user authentication; no passwords stored
- API Security: Google Cloud Functions with API key rotation
- Access Control: Firebase Firestore security rules restrict unauthorized access
- Firewall: Google Cloud Armor DDoS protection
- Monitoring: Real-time security monitoring and alerts
Vulnerability Disclosure Program
We appreciate responsible security research. If you discover a security vulnerability, please report it to us responsibly:
Security Email: info@gurohero.online
Please include:
- Description of the vulnerability
- Steps to reproduce (if possible)
- Potential impact
- Your contact information
We commit to:
- Acknowledging receipt within 48 hours
- Investigating the issue promptly
- Providing updates on progress
- Crediting you if you wish (optional)
- Not pursuing legal action for good faith reports
Incident Response
If a security incident occurs, we will follow this process:
- Detection & Analysis (0-2 hours): Identify and analyze the security incident
- Containment (2-24 hours): Stop the attack and prevent further damage
- Eradication (1-7 days): Remove the attacker and close the vulnerability
- Recovery (1-7 days): Restore systems to normal operation
- Notification (within 72 hours): Notify affected users as required by law
- Post-Incident Review (1-2 weeks): Analyze and improve security
What We Do NOT Store
- Credit card numbers or payment cards
- Bank account credentials or routing numbers
- E-wallet passwords or PINs
- API keys or authentication tokens in client code
- Unencrypted passwords
Security Audit & Testing
GuroHero commits to:
- Annual third-party security audits
- Regular penetration testing
- Monthly security updates and patches
- Code review for all security-critical features
- Compliance with Google Cloud Security Best Practices
Reporting a Security Incident
If you believe you've discovered a security vulnerability or experienced a breach:
Contact: info@gurohero.online
Do NOT post publicly or share details on social media. We will investigate and respond within 48 hours.
Security Updates
We monitor security threats continuously and apply patches/updates within 24 hours of release for critical vulnerabilities.