1. Secure Infrastructure

🌐

CDN & DDoS Protection

DDoS mitigation, malicious request filtering, global CDN for high availability.

🔥

Web Application Firewall

WAF blocking SQL injections, XSS, CSRF and other common attacks.

🏢

Certified Datacenter

ISO 27001-certified datacenters located in the United States (CCPA/COPPA compliant).

🔄

High Availability

Redundant architecture with automatic failover and 99.9% uptime target.

↑ Haut

2. Data Encryption

Protection	Technology	Level
🌐 Web communications	TLS 1.3 / 256-bit SSL	Banking
🔑 Passwords	bcrypt (cost 12+)	Very High
💳 Banking data	Stripe Vault (AES-256)	PCI DSS L1
🗄️ Database	AES-256 at rest	High

↑ Haut

3. Authentication & Access Control

🔐 bcrypt password hashing with unique random salt;
🔄 Secure session tokens with automatic expiration;
🚫 Brute-force protection: temporary lockout after 5 failed attempts;
📧 Email verification required on account creation;
🔑 Secure password reset via single-use link (valid 1h);
🍪 Secure session cookies: HttpOnly, Secure, SameSite=Strict;
🌍 Login alerts from new devices or locations.

↑ Haut

4. Payment Security

💳 Stripe — PCI DSS Level 1

Card numbers are never transmitted to SAPEO servers;
All payments go directly through Stripe's secure infrastructure;
3D Secure (3DS2) authentication for enhanced payment security;
Automatic fraud detection via Stripe Radar (AI);
Full PCI DSS Level 1 compliance — the highest standard.

↑ Haut

5. Continuous Monitoring

👁️

24/7 Monitoring

Real-time infrastructure and application monitoring.

📊

Audit Logs

Comprehensive logging of access and sensitive actions for 12 months.

🔄

Encrypted Backups

Daily encrypted automatic backups across 3 distinct geographic zones.

🔬

Vulnerability Scanning

Regular automated scans and periodic penetration testing.

↑ Haut

6. KYC Identity Verification

The KYC process is required for creators who wish to make withdrawals, in compliance with anti-money laundering (AML/CFT) regulations.

1️⃣

Submission

Official ID + bank details (IBAN)

2️⃣

Verification

Review by our team within 24-48 business hours

3️⃣

Validation

KYC badge awarded. Withdrawals unlocked.

↑ Haut

7. Responsible Vulnerability Disclosure

📧 Responsible Disclosure Program

Report to: security@sapeo.org

Response time: Acknowledgment within 48h, fix within 90 days

✅ Good faith reporting without premature public disclosure;
✅ Minimal access to demonstrate the vulnerability;
✅ No access to other users' data;
✅ No data modification or destruction.

↑ Haut

8. Our Security Commitments

🔒 Zero stored card data

No card numbers are ever stored on our servers.

🛡️ Regular audits

Penetration tests and security audits by independent experts.

⚡ Incident response

Incident response plan with user notification within 72h in case of breach.

🌐 EU hosting

All data stored in the United States, CCPA/COPPA compliant.

↑ Haut

📚 Documents légaux complémentaires

📜 CGU 🔐 Confidentialité 🍪 Cookies ⚖️ Mentions légales

Your Security, Our Top Priority

1. Secure Infrastructure

CDN & DDoS Protection

Web Application Firewall

Certified Datacenter

High Availability

2. Data Encryption

3. Authentication & Access Control

4. Payment Security

💳 Stripe — PCI DSS Level 1

5. Continuous Monitoring

24/7 Monitoring

Audit Logs

Encrypted Backups

Vulnerability Scanning

6. KYC Identity Verification

Submission

Verification

Validation

7. Responsible Vulnerability Disclosure

📧 Responsible Disclosure Program

8. Our Security Commitments

🔒 Zero stored card data

🛡️ Regular audits

⚡ Incident response

🌐 EU hosting