Security principles
force.click is built around workspace-based access, authenticated app areas, protected API routes and conservative public crawling rules for private dashboard content.
Policy
Security
Security principles for force.click, including authentication, access control, payment handling, data protection and reporting concerns.
Last updated: May 22, 2026
Payments and sensitive data
Payment data is handled by Lemon Squeezy. The application should not store raw card details. Secrets and service keys should remain server-side only.
Operational safeguards
Recommended safeguards include HTTPS, environment variable protection, role-based access, protected admin routes, regular dependency review and monitoring of authentication and billing flows.
Reporting issues
Security concerns should be reported through the official support channel listed by the business owner before launch. Reports should include steps to reproduce and any affected URL or workspace area.