Security

We assume hostile input and forged payment notifications. Here is how we keep seller tokens and buyer data safe.

Seller GitHub tokens

  • Encrypted with AES-256-GCM before they are stored in the database.
  • Never sent to the browser or exposed on public listing pages.
  • Decrypted only on the server when granting collaborator access.

Payments

  • Every Razorpay notification is cryptographically verified before we act on it.
  • Orders are processed once — duplicate events cannot double-grant access.

Listing privacy

The private repo's owner and name are stripped from public listing pages so scrapers cannot harvest repository coordinates. Full paths appear only to the buyer after a successful purchase.

Uploads & media

Listing images and videos are validated (type and size), tied to the listing owner, and stored in a private bucket. Files are served through the app — the storage bucket itself is never public.

Rate limiting

Forms, checkout, uploads, and admin actions are rate-limited to reduce abuse. Production deployments with multiple app instances should use a shared limit store (e.g. Redis).
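A fixed-window limiter with a pluggable counter store, added here as an example and not the site's own code, showing why the shared store matters: two app instances that each keep their own counters give a client the full allowance per instance, while two instances on one store enforce the combined limit. The per-route policies, the subjects and the clock values are constructed; the in-memory store is used so the example runs offline, and the comment describes the Redis equivalent as an assumption about how one would implement the same contract.

```javascript
// Added example: fixed-window rate limiting with a pluggable counter store.

// Store contract: incr(key, ttlMs, now) increments `key` and returns the new
// count, creating the key with expiry `ttlMs` when it is absent or expired.
class MemoryStore {
  constructor() { this.entries = new Map(); }
  incr(key, ttlMs, now) {
    const entry = this.entries.get(key);
    if (!entry || entry.expiresAt <= now) {
      this.entries.set(key, { count: 1, expiresAt: now + ttlMs });
      return 1;
    }
    entry.count += 1;
    return entry.count;
  }
  // Drops expired windows; a real store expires keys itself
  sweep(now) {
    for (const [key, entry] of this.entries) {
      if (entry.expiresAt <= now) this.entries.delete(key);
    }
  }
}
// Assumption: a Redis-backed store would implement incr as INCR key followed
// by PEXPIRE key ttlMs when the returned count is 1 (first hit in the window),
// and its methods would be async. It is not shown so the example runs offline.

// Constructed per-route policies: allowed requests per window
const POLICIES = {
  form:     { limit: 20, windowMs: 60 * 1000 },
  checkout: { limit: 10, windowMs: 60 * 1000 },
  upload:   { limit: 20, windowMs: 60 * 60 * 1000 },
  admin:    { limit: 30, windowMs: 60 * 1000 },
};

class RateLimiter {
  constructor(store = new MemoryStore(), policies = POLICIES) {
    this.store = store;
    this.policies = policies;
  }
  // `subject` is whoever is being limited: a user id, or the client IP for
  // anonymous forms. `now` is injectable so behaviour can be tested deterministically.
  check(scope, subject, now = Date.now()) {
    const policy = this.policies[scope];
    if (!policy) throw new Error(`no rate-limit policy for scope ${scope}`);
    const window = Math.floor(now / policy.windowMs);
    const key = `rl:${scope}:${subject}:${window}`;
    const count = this.store.incr(key, policy.windowMs, now);
    const allowed = count <= policy.limit;
    return {
      allowed,
      remaining: Math.max(0, policy.limit - count),
      // Time until the window rolls over, suitable for a Retry-After header
      retryAfterMs: allowed ? 0 : (window + 1) * policy.windowMs - now,
    };
  }
}
```

Keying the counter on the scope as well as the subject keeps a burst of failed form submissions from consuming a user's checkout allowance, and a fixed window is simple to express as a single atomic increment in any shared store.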

Questions? Contact us.