Security
Not even we see the codes in plain text.
This page is deliberately technical: for the curious consumer, and for a brand's procurement team evaluating us before signing.
Last updated: July 3, 2026
Encryption
All traffic runs over TLS. The database (Postgres on Neon) is encrypted at rest. Label codes are never stored in plain text: they're kept as cryptographic fingerprints (salted hashes), so even direct database access doesn't reveal the real codes.
Codes that are hard to guess
Every code is generated with enough randomness that guessing, enumerating, or brute-forcing valid codes isn't viable. Attempting it is also prohibited under our Acceptable Use policy.
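The two sections above (codes stored only as salted hashes, codes too random to guess), shown as an added example that is not this service's code. The alphabet, code length, SHA-256, the per-label salt, and the `label_id` lookup key are all assumptions, since the page does not state them.

```python
import hashlib
import hmac
import math
import secrets

# Assumed parameters (not stated on the page): a 32-symbol alphabet without
# look-alike characters, 16 symbols per code = 80 bits of entropy.
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
CODE_LEN = 16

def entropy_bits() -> float:
    """Bits of randomness in one code."""
    return CODE_LEN * math.log2(len(ALPHABET))

def fingerprint(code: str, salt: bytes) -> bytes:
    # Codes are high-entropy random values, so a salted fast hash suffices;
    # human-chosen secrets would need a slow password KDF instead.
    return hashlib.sha256(salt + code.encode("utf-8")).digest()

def issue_label(store: dict, label_id: str) -> str:
    """Create a code, persist only salt + digest, return the plaintext once."""
    code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
    salt = secrets.token_bytes(16)
    store[label_id] = (salt, fingerprint(code, salt))  # no plaintext stored
    return code

def verify(store: dict, label_id: str, candidate: str) -> bool:
    """Recompute the fingerprint and compare in constant time."""
    record = store.get(label_id)
    if record is None:
        return False
    salt, digest = record
    normalized = candidate.strip().upper()
    return hmac.compare_digest(fingerprint(normalized, salt), digest)

def guess_success_bound(issued: int, attempts: int) -> float:
    """Union bound on blind guesses hitting any of `issued` valid codes."""
    return min(1.0, issued * attempts / len(ALPHABET) ** CODE_LEN)

if __name__ == "__main__":
    db = {}  # constructed stand-in for the database table
    plaintext = issue_label(db, "label-0001")
    print("stored record:", db["label-0001"][1].hex())
    print("valid code accepted:", verify(db, "label-0001", plaintext))
    print("entropy bits:", entropy_bits())
    print("P(hit), 1e6 codes, 1e9 guesses:", guess_success_bound(10**6, 10**9))
```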
Brand accounts
Role-based access (who can generate, activate or void labels), encrypted credentials, and an audit log of every action. One brand never sees another brand's data.
Infrastructure
We run on Vercel (hosting) and Neon (database). Both are providers with their own security certifications (SOC 2 Type II, among others) — we don't reimplement critical infrastructure from scratch.
Link checking
The link checker cross-references every URL with Google Web Risk in addition to our own filters, before showing you a verdict.
What this page isn't
It's not a third-party certification or an independent audit — we don't have one yet. It's an honest description of the architecture as it stands today, and we update it if that changes.
Found a problem?
Report it in good faith following our Vulnerability Disclosure Policy. We don't penalize responsible research.
Contact
beo@beoriginal.id — we prioritize security reports.