67League67Return home
SECURITY

Security at League67

Identity and sessions

Production authentication will use a standards-based identity provider. Application sessions are HTTP-only, time-limited, revocable, and validated against server-side records.

Tenant isolation

Organization membership and role checks are enforced server-side, supported by database row-level controls and scoped application transactions.

Sensitive information

Registration profiles are encrypted, private access codes are hashed, card data is delegated to a hosted payment processor, and sensitive actions are audited.

Reporting concerns

Security concerns should be reported through the contact page without including sensitive participant information.