Security & trust
deshi.bd operates as critical infrastructure for Bangladesh's digital ecosystem. We take security, data protection, and responsible disclosure seriously.
Data protection
User accounts and reviews are stored with row-level security. Publisher submissions are scoped per-owner. We comply with the Bangladesh Data Protection Act and never sell personal data.
Authentication
Auth flows are managed by a hardened identity provider with bcrypt-hashed passwords, OAuth, and short-lived JWTs. Sessions can be revoked from your account page.
Responsible disclosure
Found a vulnerability? Email security@deshi.bd. Please give us 30 days before public disclosure. We acknowledge within 48h.
Infrastructure
All traffic is HTTPS-only with HSTS. Backend services run on edge infrastructure with DDoS protection. Database backups are encrypted at rest.