Security at League67
Security controls are designed around verified identities, organization isolation, least privilege, protected sessions, and auditable changes.
Identity and sessions
Production authentication will use a standards-based identity provider. Application sessions are HTTP-only, time-limited, revocable, and validated against server-side records.
Tenant isolation
Organization membership and role checks are enforced server-side, supported by database row-level controls and scoped application transactions.
Sensitive information
Registration profiles are encrypted, private access codes are hashed, card data is delegated to a hosted payment processor, and sensitive actions are audited.
Reporting concerns
Security concerns should be reported through the contact page without including sensitive participant information.