Security

How to report security vulnerabilities, what we do to protect systems and data, and how we respond to security incidents.

01

Responsible Disclosure

If you discover a security vulnerability in creanode.com or in a CREANODE-operated system, please report it to us before disclosing it publicly. This gives us time to assess and remediate the issue. Report security vulnerabilities through the contact form with "SECURITY" in the subject line. We acknowledge all security reports within one business day.

02

Security Practices

CREANODE builds security into every layer of the systems we develop. Authentication uses bcrypt hashing, rate limiting, and brute-force prevention. All state-modifying requests are CSRF-protected. Access control is enforced at the data layer, not only in the UI. Sensitive data is encrypted at rest and in transit. Dependencies are regularly audited and updated for known vulnerabilities.

03

Incident Response

When a security incident is identified — whether reported externally or detected through monitoring — we follow a defined response procedure: containment, assessment, remediation, and notification. Affected organizations are notified promptly when a security incident may have affected their data. Incident details are documented and used to prevent recurrence.

04

Platform Security

The CREANODE platform is designed with security as a foundational constraint — not an add-on. The platform's security model includes tenant isolation, role-based access control, full audit logging, CSRF protection, rate limiting, and secure session management. For technical details, see the Security Model page.

05

Security Contact

Security reports and questions go through the contact form with "SECURITY" in the subject line. We treat all security reports seriously and respond quickly. We do not pursue legal action against researchers who report vulnerabilities responsibly and in good faith.
