Skip to main content
Logo
Platform Policy

Security Policy

Effective Date: July 10, 2026. Explore data encryption systems, host servers, and security protocols.

1. Security Architecture

Bariportal Enterprise ("we," "our," "us") implements a multi-layered security infrastructure designed to protect our verified property marketplace against unauthorized access, data breaches, and infrastructure exploits. Security is integrated into every level of our system development life cycle, from backend code validation rules to server configuration and deployment networks.

We host our applications on secure Google Cloud Platform (GCP) configurations, leveraging isolated Virtual Private Clouds (VPCs), managed firewalls, and real-time network attack monitors. Database backups are taken automatically on a daily schedule and are stored in encrypted buckets with restricted, role-based access tokens.

2. Transmission & Storage Encryption

All interactions with the Bariportal website and mobile applications are encrypted using Secure Sockets Layer (SSL) and Transport Layer Security (TLS 1.3) protocols. Any attempt to access our endpoints over unencrypted HTTP is automatically redirected to HTTPS.

  • Data at Rest: Core database structures, session logs, and personal identity documents (NID and deed scans) are encrypted at rest using industry-standard Advanced Encryption Standard (AES-256) methods.
  • Credential Encryption: User passwords are encrypted using secure cryptographic hashing algorithms (BCrypt) with randomized salt parameters before being saved in database records. We never store plain text passwords.
  • Secure Payment Processing: Payment gateways are tokenized and compliant with PCI-DSS guidelines. All transactions are routed directly to certified processors (e.g. SSLCommerz, bKash, Nagad), ensuring no card numbers are logged on our servers.

3. Monitoring & Incident Handling

We maintain active logs of all critical operations (role updates, workspace edits, document validations) inside our database. Our operations center continuously monitors authorization anomalies:

  • Access Control: Gate authorization constraints are enforced on all admin, owner, and tenant endpoints to ensure users cannot view or edit unauthorized data fields.
  • Rate Limiting: Endpoints are rate-limited to mitigate brute-force credential stuffing and distributed denial-of-service (DDoS) attempts.
  • Vulnerability Management: We perform regular dependency audits using automated security tools (e.g. Pint and security-checkers) to detect and patch system vulnerabilities.

4. Vulnerability Disclosure

We welcome reports from independent security researchers. If you identify a potential security vulnerability on our platform, please disclose it responsibly by sending details to `security@bariportal.com`. We resolve verified security tickets on high priority.