
Security

GB-FiscalAI implements several security measures to protect your data.

Authentication

JWT (JSON Web Token)

  • Cryptographically signed tokens
  • Automatic expiration
  • Secure client-side storage

Password

  • bcrypt hashing (slow, adaptive work factor)
  • Unique salting per user
  • Never stored in plain text

Session

Inactivity Timeout

  • Automatic logout after 30 minutes of inactivity
  • Timer reset on each user action
  • Limits how long a session left open on an unattended device can be misused

Detected Actions

  • Mouse movement
  • Keyboard input
  • Scrolling
  • Click
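The JWT and inactivity-timeout sections above describe behaviour without showing it. The following is an added example (not GB-FiscalAI's own code) of how both fit together on the server: an HS256 token is issued with an expiry 30 minutes ahead and re-issued on every authenticated request, so a token that has gone unused for 30 minutes is rejected regardless of what the browser does. It uses only the Python standard library; the secret, claim names and `touch` function are assumptions for illustration. It also shows why the verifier must pin the algorithm rather than trust the token header.

```python
# Added example, not GB-FiscalAI's own code: HS256 JWT with a sliding
# 30-minute inactivity expiry, standard library only. Secret and claim
# names are assumptions for illustration.
import base64
import hashlib
import hmac
import json
from typing import Optional

IDLE_TIMEOUT = 30 * 60  # seconds: the 30-minute inactivity limit


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def mint_token(secret: bytes, subject: str, now: int) -> str:
    """Issue a signed token that expires IDLE_TIMEOUT seconds from `now`."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + IDLE_TIMEOUT}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    return signing_input + "." + _b64url(_sign(secret, signing_input))


def verify_token(secret: bytes, token: str, now: int) -> Optional[dict]:
    """Return the payload if the token is genuine and unexpired, else None."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        # Pin the algorithm: a header claiming "none" (or an asymmetric alg)
        # must not be honoured by a verifier that only ever issues HS256.
        if header.get("alg") != "HS256":
            return None
        expected = _sign(secret, h_b64 + "." + p_b64)
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            return None
        payload = json.loads(_b64url_decode(p_b64))
        if now >= int(payload["exp"]):
            return None  # 30 minutes without a refresh: forced logout
        return payload
    except (ValueError, KeyError, TypeError):
        return None


def touch(secret: bytes, token: str, now: int) -> Optional[str]:
    """Called on each authenticated request: a valid token is re-issued with
    a fresh expiry. This is what resets the inactivity counter server-side."""
    payload = verify_token(secret, token, now)
    return None if payload is None else mint_token(secret, payload["sub"], now)


def forge_alg_none(token: str) -> str:
    """Classic forgery attempt: rewrite the header to alg=none, drop the signature."""
    _, p_b64, _ = token.split(".")
    return _b64url(b'{"alg":"none","typ":"JWT"}') + "." + p_b64 + "."
```

The browser-side activity detection (mouse, keyboard, scroll, click) decides when to call the API and when to clear the stored token, but the expiry check in `verify_token` is what actually enforces the 30 minutes: a client that never sends requests never gets a refreshed token. In production the secret must be long and random, and a sliding expiry should be paired with an absolute maximum lifetime so a token cannot be kept alive forever by periodic activity.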

Data Protection

Encryption

  • Mandatory HTTPS (TLS 1.3)
  • Let's Encrypt certificates
  • Data encrypted in transit

Database

  • Restricted access
  • Passwords stored only as bcrypt hashes (never reversible, never plain text)
  • Regular backups

CORS (Cross-Origin Resource Sharing)

The API only accepts requests from authorized domains:

  • gbfiscalai.srv1164291.hstgr.cloud
  • localhost (development)
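An origin allow-list is only as good as its comparison. The following is an added example (not GB-FiscalAI's own code) of the decision an API makes for the `Origin` header: an exact match on the full origin, echoing the matched value back rather than `*`, and a contrast with the suffix check that is the usual mistake. The scheme on the production host and the development port are assumptions; the page names the hosts only.

```python
# Added example, not GB-FiscalAI's own code: CORS origin allow-list decision.
# Scheme and development port in ALLOWED_ORIGINS are assumptions.
from typing import Dict, Optional

ALLOWED_ORIGINS = frozenset({
    "https://gbfiscalai.srv1164291.hstgr.cloud",
    "http://localhost:5173",  # development; the port is an assumption
})

PRODUCTION_HOST = "gbfiscalai.srv1164291.hstgr.cloud"


def cors_headers(origin: Optional[str], allow_credentials: bool = True) -> Dict[str, str]:
    """Headers to add to the response, or {} when the Origin is not authorised.

    The comparison is an exact match on the full origin (scheme + host + port):
    "null", a different scheme, or a look-alike host all fall through to {}.
    A missing Origin means a same-origin or non-browser request, which needs
    no CORS headers at all.
    """
    if origin is None or origin not in ALLOWED_ORIGINS:
        return {}
    headers = {
        "Access-Control-Allow-Origin": origin,  # echo the matched origin, never "*"
        "Vary": "Origin",                       # caches must key on Origin
    }
    if allow_credentials:
        # Cookies / Authorization may only be allowed for a specific origin;
        # browsers refuse "*" combined with credentials.
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def naive_suffix_check(origin: str) -> bool:
    """The common mistake: a suffix test on the host name. It accepts any
    attacker-controlled origin that merely ends with our host name."""
    return origin.endswith(PRODUCTION_HOST)
```

Whatever framework applies these headers (FastAPI's CORS middleware in this architecture), the check to confirm is the same: an unexpected origin must receive no `Access-Control-Allow-Origin` at all, and a regular-expression allow-list must be anchored at both ends.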

Input Validation

All user data is validated:

  • Strict data types
  • Maximum lengths
  • Authorized characters
  • SQL injection protection
  • XSS protection
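The list above names the checks but not how they relate, and the distinction matters: type, length and character validation reject malformed input, while SQL injection protection comes from parameterised queries and XSS protection from output encoding, not from the validation regex. The following is an added example (not GB-FiscalAI's own code) applying all three layers to a made-up "company name" field, with an in-memory SQLite table constructed inline so it runs offline. The field name, length limit, character set and table layout are assumptions.

```python
# Added example, not GB-FiscalAI's own code: the three validation layers the
# page lists, applied to an assumed "company name" field. Field name, limit,
# character set and table layout are assumptions for illustration.
import html
import re
import sqlite3
from typing import List, Tuple

MAX_NAME_LEN = 64
# Authorised characters (assumed): letters, digits, space, dot, apostrophe, hyphen.
NAME_RE = re.compile(r"[A-Za-z0-9 .'\-]+")


def validate_company_name(value: object) -> str:
    """Strict type, maximum length, authorised characters; raises ValueError."""
    if not isinstance(value, str):
        raise ValueError("company name must be a string")
    if not 1 <= len(value) <= MAX_NAME_LEN:
        raise ValueError(f"company name must be 1..{MAX_NAME_LEN} characters")
    if NAME_RE.fullmatch(value) is None:
        raise ValueError("company name contains unauthorised characters")
    return value


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE declarations (id INTEGER PRIMARY KEY, company TEXT, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO declarations (company, amount) VALUES (?, ?)",
        [("Bissau Import Lda", 1200), ("Cacheu Trading", 800)],
    )
    return conn


def find_declarations(conn: sqlite3.Connection, company: str) -> List[Tuple[int, int]]:
    """Parameterised query: the value travels as data, never as SQL text."""
    return conn.execute(
        "SELECT id, amount FROM declarations WHERE company = ?", (company,)
    ).fetchall()


def find_declarations_unsafe(conn: sqlite3.Connection, company: str) -> List[Tuple[int, int]]:
    """The injectable form, kept only for contrast: string concatenation lets
    x' OR '1'='1 rewrite the WHERE clause and return every row."""
    return conn.execute(
        f"SELECT id, amount FROM declarations WHERE company = '{company}'"
    ).fetchall()


def render_name(name: str) -> str:
    """Output encoding for an HTML context: the XSS side of the same field."""
    return html.escape(name, quote=True)
```

Note that the character set deliberately allows an apostrophe, because real company names contain them; a name such as `Lda's Cacheu` passes validation and would break the concatenated query, while the parameterised one handles it without special treatment. That is why parameterisation, not input filtering, is the injection control.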

Audit Logs

Tracked Actions

  • Login/logout
  • Data modifications
  • Data exports
  • Administrative actions

Retention

  • Logs retained for 1 year
  • Accessible to admins
  • Append-only, non-modifiable format
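"Non-modifiable" is the property an auditor cares about, and it is worth being concrete about what it means in practice. The following is an added example (not GB-FiscalAI's own code, and the page does not say which mechanism the project uses) of one way to make a log tamper-evident: each entry carries the SHA-256 of the previous entry, so editing or deleting any record breaks the chain from that point on. The record fields and the sample events are assumptions.

```python
# Added example, not GB-FiscalAI's own code: a hash-chained, append-only
# audit log. The page does not state the project's mechanism; record
# fields are assumptions for illustration.
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64  # link value of the very first entry


def _digest(record: dict) -> str:
    # Canonical serialisation so the hash does not depend on key order.
    return hashlib.sha256(
        json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    ).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, ts: int, actor: str, action: str, detail: str) -> str:
        """Append one event (login, data change, export, admin action) and
        return its hash, which becomes the next entry's `prev` link."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"ts": ts, "actor": actor, "action": action, "detail": detail, "prev": prev}
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry["hash"]

    def first_broken(self) -> Optional[int]:
        """Index of the first entry whose content or link no longer matches,
        or None when the whole chain verifies."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body.get("prev") != prev or _digest(body) != entry["hash"]:
                return i
            prev = entry["hash"]
        return None
```

A chain like this detects modification but does not prevent it: an attacker with write access to the whole file can rewrite every entry and recompute the hashes. The usual complement is to copy the latest hash periodically to a store the application cannot write (a separate log host, or a signed daily digest), so that the chain can be checked against an anchor outside the system being audited. Retention for one year then means keeping the chain intact for that period, not truncating it in place.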

User Recommendations

Strong Password

✅ Good: X7#mK9$pL2@nQ4
❌ Bad: password123

Best Practices

  1. Never share your credentials
  2. Log out after use
  3. Use an up-to-date browser
  4. Avoid public WiFi networks

Report an Incident

If you suspect a compromise:

  1. Change your password
  2. Contact the administrator
  3. Do not delete any evidence

Secure Architecture

┌─────────────────────────────────────────┐
│           Traefik (HTTPS)               │
│         + TLS certificate               │
├─────────────────────────────────────────┤
│            API FastAPI                  │
│    + Validation + JWT Auth              │
├─────────────────────────────────────────┤
│           PostgreSQL                    │
│     + Restricted network access         │
└─────────────────────────────────────────┘

Compliance

GB-FiscalAI complies with:

  • GDPR (personal data protection)
  • Customs security standards
  • Ministry of Finance policies

Security Updates

  • Continuous vulnerability monitoring
  • Regular patches applied
  • Dependencies kept up to date

Security Contact

To report a vulnerability:

Ministry of Finance - Guinea-Bissau