โ Back to Sign In
๐ก๏ธ
Security
How NestWise protects your financial data ยท iKHENZ IT SOLUTIONS
๐ Security at a Glance
โ HTTPS/SSL
โ Bcrypt passwords
โ CSRF protection
โ SQL injection prevention
โ HttpOnly cookies
โ Session security
โ No plain-text passwords
โ Data isolation per family
๐ Password Security
- All passwords are hashed using bcrypt with a cost factor of 12 before storage โ this is a one-way hash, meaning no one (including us) can ever read your password
- Password hashes are never logged, cached, or transmitted
- Minimum password length of 6 characters is enforced at registration
- We recommend using a unique password of at least 12 characters with a mix of letters, numbers and symbols
- You can change your password at any time from Profile settings
๐ Connection Security
- All connections to NestWise are encrypted using HTTPS/TLS โ data in transit is protected from interception
- Session cookies are set as HttpOnly โ they cannot be accessed by JavaScript, protecting against XSS attacks
- Cookies use SameSite: Strict policy โ they are only sent on same-site requests, preventing CSRF via cookie theft
๐ก Application Security
- CSRF tokens: Every form submission includes a unique, time-bound token that prevents cross-site request forgery attacks
- Prepared statements: All database queries use statements, making attacks impossible
- Input sanitisation: All user input is validated and sanitised before display to prevent XSS (cross-site scripting)
- Output escaping: All data rendered in HTML is escaped using methods
- No raw errors to users: Database and application errors are logged server-side only โ users see a friendly message, never raw code or stack traces
๐๏ธ Database Security
- Each family's data is strictly isolated using
ID's scoping on every query โ you can only ever read or write your own family's data
- The database is not publicly accessible โ connections only accepted from the web server
- Database credentials are stored in a protected configuration file outside the web root
- Health and habit data is additionally scoped by
Members ID โ family members cannot see each other's personal health records
๐ Session Security
- Session IDs are regenerated on login to prevent session fixation attacks
- Sessions expire when you close your browser (lifetime = 0)
- Session data is validated against the database on every page load โ tier, status and permissions are always live and up to date
- Cache-Control headers prevent browsers from caching authenticated pages, so your data is never accessible from the browser cache after you sign out
๐ค Account Security Tips
We recommend the following to keep your account secure:
- Use a strong, unique password that you don't use on other websites
- Never share your login credentials with anyone, including family members โ use the Family Connect feature instead
- Sign out when using NestWise on a shared or public device
- Keep your registered email address up to date so you can use password reset if needed
- Contact us immediately at nestwise@ikhenz.com if you notice any suspicious activity
๐จ Reporting a Security Issue
If you discover a security vulnerability in NestWise, please report it responsibly to iKHENZ IT SOLUTIONS. We take all reports seriously and will respond promptly.
Please do not publicly disclose security vulnerabilities before we have had the opportunity to address them.
๐ข About iKHENZ IT SOLUTIONS
NestWise is developed and maintained by iKHENZ IT SOLUTIONS, a technology company committed to building secure, privacy-respecting digital products for families worldwide.