Security System
How SubSave protects your transactions and subscriptions.
Security is the cornerstone of the SubSave ecosystem. We are committed to maintaining the confidentiality, integrity, and availability of our marketplace services. Our platform architecture is built around a defense-in-depth security model to safeguard transaction structures, account slots, user data, and active subscription keys.
Below is a detailed overview of the technical, administrative, and physical security controls we employ to protect our operations and prevent malicious actors from undermining our service guarantees.
1. Data Encryption and Transport Protocol
All user communication with the Services is encrypted in transit and at rest:
- Encryption in Transit: We enforce HTTP Strict Transport Security (HSTS) and encrypt all traffic using TLS 1.3 (with fallback support for TLS 1.2 using secure, modern cipher suites).
- Encryption at Rest: Sensitive databases, invite configurations, account activation links, and key databases are encrypted using the AES-256 algorithm. Cryptographic keys are managed via hardware security modules (HSMs) with strict rotation schedules.
- Browser-Level Isolation: Cookies and local session parameters (localStorage) are isolated using Secure, HttpOnly, and SameSite=Strict attributes to prevent Cross-Site Scripting (XSS) and Session Hijacking.
2. Payment Integrity and PCI Compliance
SubSave enforces strict separation of payment parameters. We do not store, process, or transmit raw credit card PANs (Primary Account Numbers) or cardholder data on our servers. All subscription payments are processed using sandboxed, tokenized forms integrated directly with payment partners audited under PCI-DSS Level 1 specifications. This setup prevents card details from ever being exposed in our logs or application layer database.
3. Secure Account Sourcing and Slot Verification
Unlike unsecured peer-to-peer sharing websites, SubSave utilizes a centralized, verification-first model:
- Distributor Verification: All subscription activation slots, family plan slot invites, and license codes are sourced directly from authorized regional distributors or verified publishers.
- Automated Pre-Delivery Audits: Our proprietary background check systems automatically test keycodes and token validation states prior to rendering them in your Dashboard, neutralizing "dead on arrival" codes.
- Slot Isolation: Family slots are strictly separated. No user in a shared family plan has visibility into another user's profile settings, account credentials, or consumption history.
4. Threat Intelligence and Geolocation Compliance
We leverage advanced Web Application Firewalls (WAF) and threat monitoring engines to defend our infrastructure from DDoS, SQL Injection, and automated brute-force scripts. Additionally, to comply with publisher regional distribution policies, we employ real-time geolocation checks to block fraudulent activation requests coming from spoofed server locations, preserving active slot allocations exclusively for legitimate buyers.
5. Vulnerability Disclosures & Bug Bounty
We run routine vulnerability scans, package dependency checks, and internal code audits. If you are a cybersecurity researcher and believe you have discovered a vulnerability on our platform, please report it to security@subsave.com. We investigate all valid submissions and operate a responsible disclosure policy to address confirmed bugs before public release.