Account protection
Email verification is required for account activation. Sensitive flows such as signup, login and password reset are protected with verification codes, reset tokens and CAPTCHA support to reduce abuse and scripted account spam.
Storage and download model
Files are stored in object storage and downloads are proxied through the backend. Customers do not receive direct object store credentials or public storage paths for their private conversions.
API keys and sessions
API keys are shown in full only once and are stored as protected values on the backend. User access is bound to revocable sessions, and password resets invalidate prior sessions to reduce account takeover risk.
Billing isolation
Checkout and subscription state are controlled by backend-managed billing flows. The frontend does not need to expose internal payment provider logic or account credentials to operate the product.
Security contact
For vulnerability reports or suspicious account behavior, contact support@favicore.com with reproduction steps, timestamps and the affected email or job ID.