Security

Security & trust

deshi.bd operates as critical infrastructure for Bangladesh's digital ecosystem. We take security, data protection, and responsible disclosure seriously.

Data protection

User accounts and reviews are stored with row-level security. Publisher submissions are scoped per-owner. We comply with the Bangladesh Data Protection Act and never sell personal data.

Authentication

Auth flows are managed by a hardened identity provider with bcrypt-hashed passwords, OAuth, and short-lived JWTs. Sessions can be revoked from your account page.

Responsible disclosure

Found a vulnerability? Email security@deshi.bd. Please give us 30 days before public disclosure. We acknowledge within 48h.

Infrastructure

All traffic is HTTPS-only with HSTS. Backend services run on edge infrastructure with DDoS protection. Database backups are encrypted at rest.