Overview Quick Start Setup Guide Examples Pricing InfraMorph FAQ Troubleshooting Security

Registration Process & Security

This guide explains how to register for Inframorph and details our comprehensive security measures for protecting your data and payments.

🚀 How to Register

Step 1: Choose Your Plan

  1. Visit the Inframorph landing page
  2. Scroll down to the "Clear Pricing Makes it Easy" section
  3. Choose from three plans:
  4. Starter Plan: $29/month - Perfect for small teams
  5. Professional Plan: $99/month - For growing organizations
  6. Enterprise Plan: $299/month - Full-featured enterprise solution

Step 2: Start Registration

  1. Click "Select" on your preferred plan
  2. A registration modal will open with a 3-step process:
  3. Step 1: Account Information
  4. Step 2: Secure Payment
  5. Step 3: Account Activation

Step 3: Fill Account Information

Required Information: - Full Name: Your name for account identification - Email Address: Used for login and important notifications - Company Name: Your organization (helps with tenant setup) - Password: Must meet security requirements (see below) - Subdomain: Your unique Inframorph URL (e.g., yourcompany.inframorph.com)

Password Requirements: - ✅ Minimum 8 characters - ✅ At least 1 uppercase letter (A-Z) - ✅ At least 1 lowercase letter (a-z) - ✅ At least 1 number (0-9) - ✅ At least 1 special character (!@#$%^&*)

Agreement Required: - ✅ Terms of Service - Review our service terms - ✅ Privacy Policy - Understand how we protect your data

Step 4: Secure Payment via Paddle

  1. Payment Processing: All payments are handled by Paddle, not Inframorph
  2. Payment Methods: Credit card, PayPal, and other secure methods
  3. Trial Period: Start with a 14-day free trial
  4. No Immediate Charge: Payment occurs after trial period ends
  5. Security: Industry-leading encryption and compliance

Step 5: Account Activation

  1. Automatic Setup: Your tenant environment is created instantly
  2. Email Confirmation: You'll receive a welcome email with next steps
  3. Access Your Dashboard: Log in at https://yourcompany.inframorph.com

🛡️ Payment Security with Paddle

Why Paddle?

Inframorph never stores or processes your payment information. All payment processing is handled by Paddle, a leading payment processor trusted by thousands of companies worldwide.

Paddle Security Features:

  • PCI DSS Level 1 Certified - Highest security standard for payment processing
  • SOC 2 Type II Compliant - Rigorous security auditing
  • ISO 27001 Certified - International security management standard
  • GDPR Compliant - European data protection regulation compliance
  • 256-bit SSL Encryption - Bank-grade encryption for all transactions

What Inframorph Receives:

  • Subscription status (active, cancelled, etc.)
  • Plan information (which plan you purchased)
  • Transaction IDs (for support and reconciliation)
  • NO credit card numbers
  • NO billing addresses
  • NO payment method details

Payment Data Flow:

Your Browser → Paddle Secure Checkout → Paddle Servers → Inframorph Webhook

Your payment data never touches Inframorph servers. We only receive notification that payment was successful.

🔐 Data Security & Encryption

Password Protection

Inframorph uses Argon2 - the industry's most secure password hashing algorithm:

  • Argon2id Algorithm - Winner of the Password Hashing Competition
  • Memory-hard function - Resistant to GPU/ASIC attacks
  • Salt + Key stretching - Each password uniquely protected
  • Auto-migration - Legacy passwords automatically upgraded to Argon2

Example of what we store:

Original Password: MySecurePassword123!
Stored Hash: $argon2id$v=19$m=65536,t=3,p=4$randomsalt$hashedvalue...

We can never see your actual password - even our engineers cannot recover it.

API Keys & Credentials Protection

All your cloud provider credentials are protected with Fernet encryption:

Encryption Details:

  • Fernet Symmetric Encryption - AES-128 in CBC mode with HMAC-SHA256
  • Unique encryption key - Generated per installation, stored securely
  • Base64 encoding - Safe database storage
  • Authenticated encryption - Prevents tampering

Key Management:

  1. Environment Variable (Production): TENANT_ENCRYPTION_KEY
  2. Database Storage (Default): Encryption key stored in system_config table
  3. Automatic Generation: System creates new key if none exists

What We Encrypt:

  • 🔐 DigitalOcean API tokens
  • 🔐 AWS Access Keys and Secrets
  • 🔐 Azure Client Secrets
  • 🔐 Kubernetes cluster credentials
  • 🔐 Third-party service keys

Example Encrypted Storage:

Original: your_digitalocean_api_token_here
Encrypted: gAAAAABhkE1234567890abcdefghijklmnopqrstuvwxyz...

Multi-Tenant Isolation

Every customer's data is completely isolated:

  • Separate tenant IDs - All data tagged with unique tenant identifier
  • Database-level isolation - Foreign key constraints prevent cross-tenant access
  • Application-level checks - Every query filtered by tenant ID
  • Route-level protection - Access control on every endpoint

Infrastructure Security

  • TLS 1.2+ Encryption - All data in transit encrypted
  • Database encryption at rest - PostgreSQL with encryption
  • Secure key storage - Encryption keys protected and rotated
  • Regular security audits - Continuous monitoring and improvement

🌍 Data Location & Compliance

Data Processing:

  • Primary Data: Stored in secure cloud infrastructure
  • Payment Data: Processed by Paddle (never stored by Inframorph)
  • Backups: Encrypted and stored in secure locations
  • Logs: Anonymized and retention-limited

Compliance Standards:

  • GDPR Ready - European data protection compliance
  • SOC 2 Type II - Security controls audited annually
  • Data Processing Agreements - Available for enterprise customers
  • Right to deletion - Account and data deletion available

🛠️ Account Security Best Practices

For You:

  1. Strong Passwords - Use unique, complex passwords
  2. Enable 2FA - Set up two-factor authentication after registration
  3. Regular Access Reviews - Monitor who has access to your account
  4. API Key Rotation - Regularly rotate cloud provider credentials

What Inframorph Does:

  1. Session Management - Secure session cookies with HTTPOnly flags
  2. Failed Login Protection - Rate limiting prevents brute force attacks
  3. Activity Logging - All security events logged and monitored
  4. Regular Updates - Security patches applied promptly

🆘 Security Support

If You Have Concerns:

  • 📧 Security Email: [email protected]
  • 💬 Support Center: Create ticket with "Security" category
  • 📞 Urgent Issues: Contact support immediately for security incidents

Security Reporting:

We welcome responsible security disclosure. If you discover a security vulnerability: 1. Do NOT exploit or access other customers' data 2. Email us immediately at [email protected] 3. Provide details about the vulnerability 4. Allow reasonable time for us to fix the issue

Security Resources:

🎯 Quick Security Summary

✅ What Makes Inframorph Secure:

  • Payment processing by Paddle - We never see your payment details
  • Argon2 password hashing - Industry's strongest password protection
  • Fernet API encryption - Your cloud credentials fully encrypted
  • Multi-tenant isolation - Your data completely separate from others
  • TLS encryption - All data protected in transit
  • Regular security audits - Continuous improvement and monitoring

❌ What We Never Store:

  • Credit card numbers or payment details
  • Unencrypted passwords
  • Unencrypted API keys or credentials
  • Data from other customers in your tenant

🔒 Your security is our priority. We've built Inframorph with security-first principles to ensure your data and payments are always protected. If you have any questions about our security measures, please don't hesitate to contact us!