The only guarantee I can realistically offer is that normal, reasonable precautions have been taken to protect the data, including server security and code quality. I deliberately don't want to go into too much detail around this for obvious reasons, save to say that it includes a firewall, brute force protection, VPN-only and key-only access to certain services, a code-checking process whereby code is checked by further developers before going live, frequent system and framework updates and so forth.
Sorry mec, but that’s not really a guarantee at all. Reasonable by whose standards? What precautions? Were your security implementations tested and verified by a trusted third party, or are you making this claim on the assumption that your work, reviewed only by yourself, is good enough?
What obvious reasons?
The only one I can think of is that you worry going into detail will reveal that things aren't quite as secure as you market them to be. I point this out because the entirety of the quoted paragraph above could be used to describe Solus, WHMCS, and numerous other panels with known flaws.
You also ignored over half of my prior response, so I'll post it again:
What does "fixing it" entail? Pulling a Solus/WHMCS and releasing a new patch every two days? Are you required to report CC theft in the event of a data breach? I notice you specifically mentioned "restoring from a backup" - I'm not talking about a bug/breach that destroys data. I'm specifically asking your plan of action in the event that all of the data you store is compromised and leaked, not destroyed.
I realize it seems like I'm just giving you a hard time - but for all of your projects you tend to advertise and describe as someone from a marketing department would - not how a developer would. This naturally would lead people to wonder if you have the technical expertise to back up your claims. Speaking from the viewpoint of someone involved frequently with development; if I were in the market for a billing system, your responses to questions in this thread would've thoroughly convinced me that LoadingDeck (along with billr and any of your other projects) would not be up to standard for what I consider secure/efficient.
Just a bit of advice - I know you have a history of starting things, getting them clear of beta, then letting them just kinda fade into obscurity. You're treading rather dangerous ground now, to be employing that attitude with a system designed to store information about people and finances. Your claim of "Use at own risk, it's free lol" doesn't make you immune to the regulations and policies that apply to running such enterprises. Nor is anyone likely to forgive you should something catastrophic occur, and the best you can do for them is "What did you expect, you weren't paying anything". If you're going to try and do something important, at the very least take the time to think things through and plan properly/accordingly.
