Security
The main security controls that are implemented, and the recommended practices for operating securely.
Current controls
- Password-hash authentication and Google OAuth.
- Turnstile anti-bot verification on login and registration.
- Secure cookies and session-version control.
- Audit logs for key invoice and user actions.
Operational best practices
- Use long and unique passwords.
- Revoke unused API tokens.
- Review audit records regularly.
- Avoid sharing accounts across team members.