
Security & Privacy

How FairArena protects your data and ensures your privacy

Our Security Commitment

At FairArena, security isn't an afterthought—it's built into every layer of our platform. We use enterprise-grade security measures to protect your data and give you complete control over your privacy.

🔒

Enterprise Security

Military-grade encryption, DDoS protection, and 24/7 monitoring keep your data safe

👁️

You Control Privacy

Granular privacy controls let you decide exactly who sees your information

Security Features

Multi-Layer Protection

| Layer | Technology | Protection |
| --- | --- | --- |
| 🔐 Authentication | Clerk (Industry leader) | Secure login, 2FA, session management |
| 🛡️ DDoS Protection | Arcjet | Advanced attack prevention |
| 🤖 Bot Detection | Arcjet | Automated threat blocking |
| 🔒 Encryption | TLS/SSL, AES-256 | Data in transit & at rest |
| ⚡ Rate Limiting | Smart throttling | Prevents abuse & attacks |
| 👁️ Monitoring | 24/7 surveillance | Real-time threat detection |
| 📊 Audit Logs | Complete tracking | Accountability & compliance |

Data Encryption

In Transit:

All connections encrypted

  • ✅ TLS 1.3 (latest standard)
  • ✅ Perfect forward secrecy
  • ✅ Strong cipher suites
  • ✅ Certificate pinning
  • ✅ Automatic HTTPS redirect

Result: No one can intercept your data

Secure API communications

  • ✅ Token-based authentication
  • ✅ Request signing
  • ✅ Rate limiting
  • ✅ Input validation
  • ✅ Output sanitization

Result: APIs protected from abuse

Real-time security

  • ✅ WSS (WebSocket Secure)
  • ✅ Authentication required
  • ✅ Message encryption
  • ✅ Connection validation

Result: Secure real-time features

At Rest:

  • 🔐 Database encryption (AES-256)
  • 🔐 File storage encryption
  • 🔐 Backup encryption
  • 🔐 Key management (secure vault)

Account Security

Authentication

Powered by Clerk:

Multiple authentication methods:

Email & Password:

  • Strong password requirements
  • Password strength meter
  • Breach detection
  • Secure password hashing (bcrypt)

Social Login:

  • Google OAuth
  • GitHub OAuth
  • Secure token exchange

Magic Links:

  • Passwordless login option
  • Time-limited tokens
  • One-time use

Password requirements:

  • Minimum 8 characters
  • Mix recommended:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Special characters

Protection features:

  • ✅ Breach database checking
  • ✅ Password history (no reuse)
  • ✅ Secure storage (hashed + salted)
  • ✅ Never sent in plain text
  • ✅ Can't be recovered (only reset)

Secure sessions:

  • ✅ Encrypted session tokens
  • ✅ Automatic expiration
  • ✅ Concurrent session limits
  • ✅ Device tracking
  • ✅ Remote logout capability

Session duration:

  • Active: 7 days (default)
  • Inactive: 30 minutes timeout
  • Remember me: 30 days
  • All configurable in settings

Two-Factor Authentication (2FA)

Add an extra security layer:

Enable 2FA

  1. Go to Account Settings
  2. Navigate to Security
  3. Click Enable Two-Factor Authentication

Choose Method

Available options:

| Method | Security Level | Convenience |
| --- | --- | --- |
| Authenticator App | 🔒🔒🔒 High | ⭐⭐⭐ Good |
| SMS | 🔒🔒 Medium | ⭐⭐⭐⭐ Easy |
| Email | 🔒 Basic | ⭐⭐⭐⭐⭐ Easiest |

Recommended: Authenticator app (Google Authenticator, Authy)

Set Up

For Authenticator App:

  1. Scan QR code with app
  2. Enter 6-digit code
  3. Verify it works
  4. Save backup codes

For SMS:

  1. Enter phone number
  2. Verify with code
  3. Enable 2FA

For Email:

  1. Confirm email address
  2. Test with code
  3. Activate

Save Backup Codes

⚠️ Critical: Save backup codes securely

  • Use if you lose 2FA device
  • Each code works once
  • Store in password manager or safe place
  • Print and keep in secure location

Test 2FA

  1. Log out
  2. Log back in
  3. Enter 2FA code
  4. Confirm it works

Important!

Keep backup codes safe! If you lose your 2FA device without backup codes, you'll need to contact support to recover your account.

Password Management

Reset Password:

Initiate Reset

Click "Forgot Password" on login page

Verify Identity

Enter your email address

Check Email

  • Reset link sent instantly
  • Valid for 1 hour
  • Single use only

Create New Password

  • Enter new password
  • Confirm password
  • Must be different from old
  • Save changes

Confirmation

  • Password updated successfully
  • All sessions logged out
  • Log in with new password

Password Best Practices:

Privacy Controls

Profile Privacy

Control who sees your information:

Maximum visibility

Who can see:

  • ✅ Anyone on the internet
  • ✅ Search engines
  • ✅ Non-logged in users

Best for:

  • Job seekers
  • Freelancers
  • Public figures
  • Open networking

Set: Profile → Privacy → Public

Platform-only visibility

Who can see:

  • ✅ Logged-in FairArena users only
  • ❌ Search engines
  • ❌ Non-members

Best for:

  • Most users
  • Balanced privacy
  • Internal networking

Set: Profile → Privacy → Private

Maximum privacy + tracking

Who can see:

  • ✅ Only logged-in users
  • ✅ You can track who views
  • ❌ Anonymous viewing disabled

Best for:

  • High privacy needs
  • Track your audience
  • Controlled access

Set: Profile → Privacy → Require Authentication

Data You Control

What you can make private:

| Data Type | Privacy Control | Location |
| --- | --- | --- |
| Profile | Public/Private/Auth | Profile Settings |
| Email | Show/Hide | Account Settings |
| Phone | Show/Hide | Profile Settings |
| Resume | Show/Hide | Profile Settings |
| Work History | Show/Hide | Profile Settings |
| Education | Show/Hide | Profile Settings |
| Projects | Public/Internal/Private | Project Settings |
| Teams | Public/Internal/Private | Team Settings |
| Organizations | Public/Private | Organization Settings |

View Tracking

Control who can see you:

Enable View Tracking:

  1. Profile Settings → Privacy
  2. Toggle "Track Profile Views"
  3. Enable "Require Authentication"
  4. Save changes

What you'll see:

  • Viewer's name
  • Viewer's email
  • View timestamp
  • Total view count
  • Recent viewers list

Disable Tracking:

  • Toggle off anytime
  • Previous data retained
  • No new tracking

Data Privacy

What We Collect

Account Information:

  • Email address
  • Name (first, last)
  • Password (hashed, never stored plain)
  • Profile information you provide

Usage Information:

  • Features you use
  • Pages you visit
  • Actions you take
  • Performance data
  • Error logs (for debugging)

Technical Information:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Login timestamps

How We Use Data

Primary uses:

  1. Provide Service: Enable platform features
  2. Authentication: Verify your identity
  3. Communication: Send important notifications
  4. Improvement: Make platform better
  5. Security: Protect against threats
  6. Support: Help you when needed
  7. Legal: Comply with obligations

We DON'T:

  • ❌ Sell your data
  • ❌ Share without permission
  • ❌ Use for unrelated purposes
  • ❌ Track across other websites
  • ❌ Sell to advertisers

Data Rights

Your rights:

| Right | Description | How to Exercise |
| --- | --- | --- |
| Access | See what data we have | Account → Privacy → Export Data |
| Correction | Fix incorrect data | Edit in Settings |
| Deletion | Delete your data | Account → Delete Account |
| Portability | Get your data | Account → Export |
| Object | Stop certain processing | Contact support |
| Restrict | Limit how we use data | Privacy Settings |

Data Retention

How long we keep data:

| Data Type | Retention Period | Reason |
| --- | --- | --- |
| Active Account | While account exists | Service provision |
| Deleted Account | 30 days | Allow recovery |
| Backup Data | 90 days | Disaster recovery |
| Audit Logs | 1 year | Security & compliance |
| Transaction Records | 7 years | Legal requirement |

Platform Security

Infrastructure

Built on secure foundations:

  • 🏗️ Modern Stack: React 19, Express 5, PostgreSQL
  • ☁️ Cloud Infrastructure: Reliable hosting
  • 🔄 Regular Updates: Security patches applied quickly
  • 📦 Dependency Management: Monitored for vulnerabilities
  • 🔒 Database Security: Connection pooling, prepared statements
  • 🛡️ SQL Injection Prevention: Prisma ORM protection

DDoS & Attack Protection

Arcjet Protection:

Advanced attack prevention:

  • ✅ Traffic analysis
  • ✅ Automatic mitigation
  • ✅ Load balancing
  • ✅ IP filtering
  • ✅ Challenge responses

Result: Platform stays online during attacks

Stop malicious bots:

  • ✅ Behavioral analysis
  • ✅ Machine learning detection
  • ✅ CAPTCHA challenges
  • ✅ Fingerprint analysis
  • ✅ Real-time blocking

Result: Only real users access platform

Prevent abuse:

  • ✅ Request throttling
  • ✅ Per-IP limits
  • ✅ Per-user limits
  • ✅ Smart adjustments
  • ✅ Fair usage policies

Result: Resources available for everyone

Monitoring & Response

24/7 security monitoring:

  • 🔍 Real-time threat detection
  • 🚨 Automated alerting
  • 👨‍💻 Security team response
  • 📊 Performance monitoring
  • 📝 Incident logging
  • 🔄 Continuous improvement

Compliance & Standards

Security Standards

We follow:

| Standard | Description | Status |
| --- | --- | --- |
| HTTPS Everywhere | All connections encrypted | ✅ Compliant |
| OWASP Top 10 | Web security best practices | ✅ Followed |
| GDPR | EU data protection | ✅ Compliant |
| CCPA | California privacy law | ✅ Compliant |
| SOC 2 | Security controls | 🔄 In progress |

Regular Audits

Security practices:

  • 🔍 Weekly vulnerability scans
  • 🔐 Quarterly security audits
  • 📋 Annual penetration testing
  • 🔄 Continuous monitoring
  • 📝 Incident response plans

Reporting Security Issues

Responsible Disclosure

Found a security issue? We appreciate responsible disclosure:

Identify Issue

Document the security concern:

  • What's the vulnerability?
  • How did you find it?
  • What's the impact?
  • Steps to reproduce

Report Privately

Email: security@fairarena.com

Include:

  • Detailed description
  • Reproduction steps
  • Screenshots/videos if applicable
  • Your contact information

Wait for Response

  • We respond within 24-48 hours
  • Keep issue confidential
  • Don't exploit vulnerability
  • Don't share publicly yet

Coordinate Disclosure

  • We'll work on a fix
  • You'll be credited (if desired)
  • Public disclosure coordinated
  • Responsible disclosure appreciated

Rewards:

  • Recognition in security hall of fame
  • Potential bug bounty (case by case)
  • Our sincere thanks!

Please don't: Exploit vulnerabilities, access others' data, disrupt service, or disclose publicly before we can fix. We appreciate responsible disclosure!

Best Practices for Users

Protect Your Account

Essential security habits:

  1. ✅ Use strong, unique password
  2. ✅ Enable 2FA
  3. ✅ Keep software updated
  4. ✅ Use secure networks
  5. ✅ Log out on shared devices
  6. ✅ Monitor account activity
  7. ✅ Review privacy settings
  8. ✅ Be cautious with emails

Recognize Phishing

Warning signs:

| Red Flag | Example |
| --- | --- |
| Suspicious sender | "fairarenas-support@gmail.com" |
| Urgent requests | "Account will be deleted in 24h!" |
| Generic greetings | "Dear user" instead of your name |
| Suspicious links | URL doesn't match fairarena.com |
| Request for password | We NEVER ask for your password |
| Poor grammar | Obvious spelling/grammar errors |

If suspicious:

  1. Don't click links
  2. Don't provide information
  3. Forward to security@fairarena.com
  4. Delete the email
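
The "suspicious sender" and "suspicious links" red flags above can be checked mechanically, as in this added example (not FairArena's own code). It assumes fairarena.com and its subdomains are the only legitimate hosts; the function names and all sample inputs are constructed for illustration.

```javascript
// Added example (not FairArena code). Assumption: fairarena.com and its
// subdomains are the only legitimate hosts.
const TRUSTED_DOMAIN = "fairarena.com";

// True if host is the trusted domain itself or a subdomain of it.
function isTrustedHost(host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return h === TRUSTED_DOMAIN || h.endsWith("." + TRUSTED_DOMAIN);
}

// Classify a link taken from an email. Returns { ok, reason }.
function checkLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://fairarena.com@host/" puts the trusted name in the userinfo
  // part; the browser actually connects to `host`.
  if (url.username || url.password) {
    return { ok: false, reason: "credentials embedded before the host" };
  }
  // url.hostname is lowercased and punycode-encoded by the parser, so
  // Unicode lookalike letters become xn-- labels and fail the comparison.
  if (!isTrustedHost(url.hostname)) {
    return { ok: false, reason: "host is " + url.hostname };
  }
  return { ok: true, reason: "host matches " + TRUSTED_DOMAIN };
}

// Check a sender address: the domain after the last "@" must be trusted.
function checkSender(address) {
  const at = address.lastIndexOf("@");
  if (at < 1) return { ok: false, reason: "not an email address" };
  const domain = address.slice(at + 1).trim();
  return isTrustedHost(domain)
    ? { ok: true, reason: "sender domain matches " + TRUSTED_DOMAIN }
    : { ok: false, reason: "sender domain is " + domain.toLowerCase() };
}
```

A matching sender domain is necessary but not sufficient, because the From header can be forged; the SPF, DKIM and DMARC results on the message are what authenticate it.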


Security concerns? Email security@fairarena.com immediately.
