Security

Security

Little Stompers includes technical controls to protect accounts, bookings and CMS access.

Account security

• Passwords are stored using salted hashes.
• Owners, admins and staff have separate CMS roles.
• Staff email addresses must use the Little Stompers domain.
• Owner accounts are protected from deletion in the CMS.

Payment security

• Card payments are handled by Stripe.
• Secret Stripe keys must only be stored in Vercel environment variables.
• Webhooks verify payment events using the Stripe webhook signing secret.

Admin responsibilities

1. Use strong owner/admin passwords.
2. Remove staff access when no longer required.
3. Keep environment variables private.
4. Review bookings, accounts and legal pages regularly.