The Tourial product is a public facing application by design. Most of our data exists in the form of these public tours.
We do not track Personal Identifiable Information (PII) except for customers that create tours within our online studio. Access to our customers' data is stored securely in our password protected database. Their passwords are also encrypted.
Our email/password login system that salts & hashes passwords at rest. Upon login, users are issued tokens which are stored in a userSessions table. We can immediately revoke any/all user sessions if ever needed, logging everyone else out at once.
npm audit command that audits all our dependencies to ensure there are no known vulnerabilities. Additionally, we keep our codebase in a private Github repository that is behind their robust auth platform.