Security Practices.

At ParaScores, we understand that you trust us with your organization's statistics, rosters, matches, and user details. Security is not an afterthought; it is integrated into our backend architecture, API gateways, database rules, and front-end code.

We continually upgrade our practices, monitor traffic for anomalies, and conduct threat evaluations to prevent security risks and platform downtime.

We encrypt data both during transmission and at rest:

• In Transit: All web and API traffic is encrypted using Secure Sockets Layer / Transport Layer Security (HTTPS with TLS 1.3). Any HTTP connection is automatically redirected to secure HTTPS connections.
• At Rest: Databases, logs, and uploaded crests/banners are stored on secure cloud services utilizing AES-256 encryption. Backup instances are also fully encrypted.

We protect access to accounts and organization workspaces using strict verification mechanisms:

• Password Hashing: Passwords are never stored in plain text. We hash user credentials using industry-proven, high-performance password-hashing algorithms (bcrypt) before saving them to database storage.
• Token-Based Authentication: Sessions are secured using JSON Web Tokens (JWT) containing expiration parameters and cryptographic signatures.
• Multi-Tenant Isolation: Data rows are separated with database queries validated at the API level (e.g. verifying role mappings like OWNER, ADMIN, and MEMBER) before returning resources.

Our application and database assets are hosted on enterprise cloud providers (such as Vercel and AWS) that feature advanced security postures:

• Physical Security: Data centers utilize biometrics, 24/7 security staff, and surveillance monitors.
• DDoS Protection: Automated network traffic filtering mitigates Distributed Denial of Service (DDoS) attempts, safeguarding widget delivery and website uptime.
• System Backups: Automated daily backups are maintained across multiple geographic availability zones to guarantee rapid recovery in the event of an outage.

We appreciate the security community's work in keeping the internet safe. If you discover a vulnerability or a bug in our tournament platform or widget scripts, please report it to us immediately.

Send vulnerability details directly to: admin@parascores.com. Please provide steps to reproduce the issue, and allow us reasonable time to respond and deploy a fix before sharing any information publicly.