Security
Liquid Learn applies practical safeguards to the public website, assessment submissions, and administrative reporting.
Last updated July 14, 2026Application safeguards
- Submitted payloads are schema validated and subject to request-size limits.
- Contact and assessment endpoints use origin checks, rate limits, and bot controls.
- Administrative sessions use signed, HTTP-only cookies and are not cached.
- Security headers restrict framing, content sources, referrers, and browser permissions.
Data access
Browser clients do not receive database service credentials. Submitted records are written through server-side routes, and database row-level security is enabled. Administrative access must be explicitly configured and is protected separately from the public site.
Transport and hosting
Production traffic is expected to use HTTPS with strict transport security. Hosting, database, and optional email delivery are provided through established infrastructure vendors. Secrets are supplied through deployment environment variables rather than browser code.
Scope of claims
This page describes implemented application controls; it does not claim a third-party security certification or independent assurance report. Customer-specific requirements should be reviewed during product evaluation and documented in the applicable agreement.
Report a security concern
Send a concise description, affected URL, and reproduction details to info@fluidbiz.com. Do not include sensitive personal data or exploit a suspected issue beyond what is necessary to demonstrate it.