Security
Security at Dina Innovations
Technical and operational security measures for DinaHub and our infrastructure.
Security is a core priority for Dina Innovations. DinaHub handles user authentication, communication data, and community interactions. We apply layered technical and operational controls. No system is entirely free of risk—we document the measures we implement and improve them continuously.
Authentication
Access to protected resources on DinaHub requires authentication. Supported methods include email-based sign-in with verification and optional Google Sign-In. Sessions are managed using industry-standard token mechanisms, including JSON Web Tokens (JWT) where applicable, with expiration and validation on protected endpoints.
Email verification
Email sign-in on DinaHub requires email verification to reduce fraudulent account creation and improve account recovery integrity.
Encryption
Data is encrypted in transit using TLS (HTTPS). Passwords are stored using appropriate hashing and salting. Encryption at rest depends on cloud provider and data store configurations for each service.
Device and session security
Session tokens are validated on requests to protected endpoints. Users can sign out to invalidate active sessions. We monitor for anomalous authentication patterns as part of abuse prevention.
Rate limiting and abuse prevention
API endpoints and authentication flows on DinaHub are subject to rate limiting to mitigate brute-force attacks, spam, and automated abuse.
Infrastructure security
Infrastructure is hosted on established cloud providers with network controls, access restrictions, and environment separation between development, staging, and production.
Monitoring and incident response
We maintain logging and monitoring for critical services. Security incidents are triaged according to internal procedures. Users may be notified when required by law or when an incident poses material risk to personal data.
Responsible disclosure
We welcome responsible reports of security vulnerabilities. See our dedicated Responsible Disclosure page for scope, reporting instructions, and our commitments. Reports can also be sent to security@dinainnovations.com.
Google Sign-In
DinaHub (https://web.dinahub.live), operated by Dina Innovations, supports Google Sign-In as an authentication method. Google Sign-In is used only for authentication—to verify your identity and create or access your DinaHub account. We do not use Google Sign-In to access unrelated Google services on your behalf.
What we collect via Google Sign-In
When you choose Google Sign-In on DinaHub, we receive only:
- Your name (as provided by Google)
- Your verified email address
- Your profile picture (if available from your Google account)
What we do not access
Google Sign-In does not grant Dina Innovations access to:
- Gmail or the contents of your email
- Google Drive or your files
- Google Contacts
- Google Calendar
- Google Photos
- YouTube or any other Google services
Why we use Google Sign-In
Google Sign-In provides a secure and familiar way to authenticate on DinaHub. It allows you to sign in without creating a separate password while enabling us to verify ownership of your email address through Google's identity services.
Account linking
When you sign in with Google, your Google account identifier is linked to your DinaHub account. If you later add email-based sign-in to the same account, both methods may resolve to a single account where supported. You can review linked sign-in methods under Profile → Settings on DinaHub.
Account deletion and data retention
You may delete your DinaHub account at any time. After deletion, we remove or anonymize associated personal data within 30 days as described on our Delete Account page and in our Privacy Policy. Your Google Sign-In linkage is revoked upon account deletion. Limited data may be retained where required by law, for fraud prevention, or to resolve disputes—as disclosed in our legal documents.
Where this applies
This disclosure applies to Google Sign-In on DinaHub (https://web.dinahub.live). This corporate website (https://dinainnovations.com) does not use Google Sign-In.
Related: Privacy Policy · Delete Account