Security Statement

• All traffic uses HTTPS (TLS 1.3).
• Passwords hashed with Argon2id + unique salt.
• PCI-compliant payments via Creem; no card data stored on our servers.
• Data at rest encrypted with AES-256 on Vercel Postgres.
• Independent penetration tests twice per year.
• Report vulnerabilities: hbb20220104@163.com