Security & Trust
We take security seriously. Here is how we protect your data, your privacy, and your trust.
Infrastructure Security
Built on Cloudflare Workers running at the edge across 300+ global data centers. All data is encrypted at rest, and encrypted in transit via TLS 1.3. DDoS protection included by default.
Authentication
Managed authentication provider with bcrypt password hashing (cost factor 12). Session tokens are cryptographically signed and rotated regularly. Optional two-factor authentication for brand accounts.
Data Protection
All data stored in Cloudflare D1 with encryption at rest. Static assets served via R2 secure storage. Secrets managed through environment variables — never stored in plain text or committed to source control.
Click-Through Privacy
When a partner clicks through to an affiliate program, we log only the partner ID, program ID, and timestamp for attribution. We do not log IP addresses, fingerprints, or any personally identifiable information for click tracking.
Payment Security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never see, store, or transmit your card numbers. Billing data is managed entirely within Stripe's secure infrastructure.
API Security
All API endpoints are rate-limited to prevent abuse. Authentication via scoped API keys with fine-grained permissions. Keys can be rotated or revoked instantly from your dashboard.
Content Moderation
Every program listing goes through an approval workflow before publication. User reviews are moderated for spam and policy violations. Automated detection flags suspicious content for manual review.
Responsible Disclosure
Found a vulnerability? We appreciate responsible disclosure. Please report security issues to security@theaffiliateindex.com. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours.
Questions about security?
Reach out to our team at security@theaffiliateindex.com
Last updated: March 2026