Already in production today.
These are not aspirations. Each item is deployed in code right now and visible in the public repository, audit log, and operator runbooks.
Encrypted by default
TLS 1.2+ in transit, AES-256 at rest for sensitive fields. Firebase Identity Platform session cookies are HttpOnly, Secure, SameSite=Lax, scoped to .ifo4.org.
Founder-only privileged actions
Hardcoded founder allowlist for security-sensitive admin functions. Runtime admins can moderate content but cannot add other admins, modify feature gates, or bypass audit.
Every admin action is audit-logged
Every privileged action is written to ifo4_admin_actions. Denied attempts are logged too. Useful for intrusion detection and accountability.
Read-only SQL console
The admin SQL console only accepts SELECT, WITH, SHOW, and EXPLAIN. No INSERT, UPDATE, DELETE, or DROP. There is no path to bypass the application layer.
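A leading-keyword allowlist like the one described above is usually paired with a scan of the whole statement. The sketch below is an added example, not IFO4's code: the function name, the `FORBIDDEN` list, the sample column names and the PostgreSQL semantics are assumptions.

```python
import re

# Leading keywords the page says the console accepts.
ALLOWED_LEADING = {"SELECT", "WITH", "SHOW", "EXPLAIN"}
# Assumption: keywords rejected anywhere in the statement, so a write cannot
# ride inside a WITH clause or a SELECT ... INTO (PostgreSQL semantics assumed).
FORBIDDEN = {"INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "CREATE",
             "TRUNCATE", "GRANT", "REVOKE", "MERGE", "COPY", "CALL", "INTO"}

# String literals, quoted identifiers and comments are blanked before scanning.
_SKIP = re.compile(r"""'(?:[^']|'')*' | "(?:[^"]|"")*" | --[^\n]* | /\*.*?\*/""",
                   re.S | re.X)


def check_console_query(sql):
    """Return (allowed, reason) for one console submission."""
    bare = _SKIP.sub(" ", sql).strip().rstrip(";")
    # Anything the regex could not close is rejected rather than guessed at.
    if any(tok in bare for tok in ("'", '"', "/*")):
        return False, "unterminated literal or comment"
    if ";" in bare:
        return False, "multiple statements"
    words = re.findall(r"[A-Z_][A-Z0-9_]*", bare.upper())
    if not words or words[0] not in ALLOWED_LEADING:
        return False, "leading keyword not on the allowlist"
    hit = sorted(FORBIDDEN.intersection(words))
    if hit:
        return False, "write keyword inside statement: " + ", ".join(hit)
    # In PostgreSQL, EXPLAIN ANALYZE runs the statement it explains.
    if words[0] == "EXPLAIN" and {"ANALYZE", "ANALYSE"} & set(words):
        return False, "EXPLAIN ANALYZE executes the statement"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample submissions; column names are hypothetical.
    for q in ["SELECT id FROM ifo4_admin_actions WHERE deleted_at IS NULL;",
              "WITH gone AS (DELETE FROM t RETURNING id) SELECT * FROM gone",
              "EXPLAIN ANALYZE SELECT 1",
              "SELECT 1; SELECT 2"]:
        print(check_console_query(q), q)
```

A lexical check cannot see side effects of functions called from a SELECT, so the console's database connection should also run under a read-only role.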
CSRF + Origin validation
Every state-changing API call validates the Origin header. Session cookies are SameSite=Lax. Rate limits apply per IP and per account.
Isolated payment processing
Payment card data never touches IFO4 infrastructure. Stripe handles card collection, tokenization, storage, and PCI compliance. IFO4 holds only Stripe customer IDs and billing metadata.
On-device exam integrity
Face detection and face matching run entirely in the candidate's browser. No photos, video, or raw biometric data leave the device. Only anonymized integrity flags are transmitted, and they are encrypted in transit.
Breach notification on the clock
If a security incident affects your unencrypted personal information, IFO4 will notify you and the relevant authorities consistent with applicable U.S. federal and state law.
The path to formal attestation.
IFO4 will not claim certifications we do not hold. Here is the public-record roadmap.
- 01. Q2 2026: Public trust center launch with live status page + subprocessor register
- 02. Q3 2026: SOC 2 Type II readiness review, audit-log export for customers
- 03. Q4 2026: Formal SOC 2 Type II report, penetration test summary, ISO 27001 roadmap
- 04. Q1 2027: Independent bug-bounty program, advisory security committee
Find something? Tell us directly.
Coordinated disclosure is welcome. Response within one business day. We will not take legal action against good-faith researchers.