At BlastCAD, we understand that drill patterns, blast designs, and site data are highly sensitive intellectual property. We have architected our platform from the ground up with enterprise-grade security protocols to ensure your data remains strictly confidential and highly available.
1. Data Protection & Encryption
- Data in Transit: All communications between your browser and our servers are encrypted using industry-standard TLS 1.3 (Transport Layer Security) enforced by our edge network. We do not allow unencrypted (HTTP) connections.
- Data at Rest: Sensitive user credentials, including passwords, are never stored in plaintext. We utilize a strong, salted, adaptive password hashing function (bcrypt) to secure your authentication data.
2. Authentication & Access Control
- Two-Factor Authentication (2FA): We natively support Time-based One-Time Passwords (TOTP). Users can link their accounts to authenticator apps to add a critical layer of defense against compromised passwords.
- Secure Sessions: Authentication is handled via short-lived JSON Web Tokens (JWT). Sessions automatically expire, and all tokens are cryptographically signed to prevent tampering.
- Role-Based Access Control (RBAC): Strict logical separation exists between standard users and organizational administrators, ensuring users only access data and features provisioned for their role.
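The following is an added illustration of the session model described above (short-lived signed JWTs and an RBAC check on the role claim). It is not BlastCAD's code: the signing key, the 15-minute lifetime, the claim names and the role values are assumptions, and it uses only the Python standard library so that it runs offline.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key: a real service loads the signing key from a secrets store.
SECRET_KEY = b"demo-signing-key-do-not-use-in-production"
SESSION_TTL_SECONDS = 15 * 60  # assumed lifetime: tokens expire 15 minutes after issue


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded base64url (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_json(obj) -> str:
    """Compact JSON, then base64url, as used for the JWT header and payload."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign(signing_input: bytes) -> bytes:
    return hmac.new(SECRET_KEY, signing_input, hashlib.sha256).digest()


def issue_token(user_id: str, role: str, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying the subject, its RBAC role and an expiry."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "role": role, "iat": now, "exp": now + SESSION_TTL_SECONDS}
    parts = [encode_json(header), encode_json(payload)]
    signing_input = ".".join(parts).encode("ascii")
    return ".".join(parts + [b64url_encode(sign(signing_input))])


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm server-side: the token's own "alg" field must never pick the verifier.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{payload_b64}".encode("ascii"))
        # Constant-time comparison so a signature check does not leak timing information.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError:  # malformed structure, base64 (binascii.Error) or JSON
        return None
    if not isinstance(payload, dict):
        return None
    now = int(time.time()) if now is None else now
    # Expiry is enforced on every request; there is no long-lived session to steal.
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


def authorize(token: str, required_role: str, now: Optional[int] = None) -> bool:
    """RBAC gate: the claims must verify and the role must match exactly."""
    claims = verify_token(token, now)
    return claims is not None and claims.get("role") == required_role
```

Two points the example makes concrete: the verifier checks the signature before it reads any claim, so editing the role in a token without the key is rejected rather than granting administrator access, and expiry is checked on every call, which is what "sessions automatically expire" means in practice.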
3. Network & Edge Security
BlastCAD utilizes Cloudflare’s global edge network to sit between the public internet and our core application servers, providing multiple layers of active defense:
- Web Application Firewall (WAF): Our WAF actively monitors and blocks malicious traffic, including SQL injection attempts, cross-site scripting (XSS), and exploit attempts against newly disclosed (zero-day) vulnerabilities.
- DDoS Mitigation & Rate Limiting: We employ strict rate-limiting rules on critical endpoints (such as login and registration) and active Bot Fight Mode to prevent brute-force attacks and credential stuffing.
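To show what endpoint rate limiting against brute force and credential stuffing looks like in logic, here is an added example that is not BlastCAD's configuration (their rules run at the Cloudflare edge; the limits, windows, IP addresses and account names below are constructed). It keys a sliding window on the source IP and, separately, on the target account, so that one address trying many accounts and many addresses trying one account are both caught.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# (unix_time, source_ip, target_account) - the fields a login audit log would carry.
Attempt = Tuple[int, str, str]


class SlidingWindowLimiter:
    """Counts events per key in a trailing window; an event is denied once the window holds more than max_events."""

    def __init__(self, max_events: int, window_seconds: int):
        self.max_events = max_events
        self.window_seconds = window_seconds
        self.events: Dict[str, Deque[int]] = defaultdict(deque)

    def record(self, key: str, now: int) -> bool:
        """Record the event and return True if it is still within the limit."""
        q = self.events[key]
        while q and q[0] <= now - self.window_seconds:
            q.popleft()  # drop events that have aged out of the window
        q.append(now)  # denied attempts still count, so hammering extends the block
        return len(q) <= self.max_events


def evaluate_login_attempts(
    attempts: List[Attempt],
    ip_limit: Tuple[int, int] = (10, 60),       # assumed: 10 attempts per source IP per minute
    account_limit: Tuple[int, int] = (5, 300),  # assumed: 5 attempts per account per 5 minutes
) -> List[Tuple[int, str, str, bool]]:
    """Replay attempts in time order and decide each one; either limit alone is enough to deny."""
    per_ip = SlidingWindowLimiter(*ip_limit)
    per_account = SlidingWindowLimiter(*account_limit)
    decisions = []
    for ts, ip, account in sorted(attempts):
        ip_ok = per_ip.record(ip, ts)            # password spraying: one IP, many accounts
        account_ok = per_account.record(account, ts)  # credential stuffing: many IPs, one account
        decisions.append((ts, ip, account, ip_ok and account_ok))
    return decisions


def denied_attempts(decisions: List[Tuple[int, str, str, bool]]) -> List[Attempt]:
    return [(ts, ip, account) for ts, ip, account, allowed in decisions if not allowed]


# Constructed sample: a spray of 12 attempts from one IP across six accounts in 12 seconds,
# then six IPs hitting "alice" in six seconds, then a legitimate retry well after the window.
SAMPLE_ATTEMPTS: List[Attempt] = (
    [(t, "203.0.113.7", f"user{t % 6}") for t in range(12)]
    + [(30 + i, f"198.51.100.{i + 1}", "alice") for i in range(6)]
    + [(400, "198.51.100.1", "alice")]
)

if __name__ == "__main__":
    for ts, ip, account, allowed in evaluate_login_attempts(SAMPLE_ATTEMPTS):
        print(ts, ip, account, "allowed" if allowed else "DENIED")
```

On the constructed sample the eleventh and twelfth attempts from 203.0.113.7 are denied by the per-IP window, the sixth attempt against "alice" is denied by the per-account window even though every source address is new, and the retry at second 400 is allowed again because the earlier attempts have aged out. Counting denied attempts too is the deliberate choice: an attacker who keeps sending requests keeps the window full instead of resetting it.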
4. Application Architecture
- Crash Recovery & Local Processing: To maximize performance and security, heavy 3D rendering and computations happen directly in your browser. Auto-save features utilize local IndexedDB storage, ensuring your unsaved designs are safe even during unexpected network disconnects.
- API Security: Our backend architecture strictly enforces Cross-Origin Resource Sharing (CORS) policies, ensuring browsers may only make cross-origin requests to our API from verified BlastCAD domains.
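The following is an added example of the kind of origin check such a CORS policy rests on; it is not BlastCAD's code, and the origins, methods and header names in it are constructed placeholders. The point it demonstrates is exact matching of the Origin header against an allowlist, which is where CORS configurations most often go wrong.

```python
from typing import Dict, Optional, Tuple

# Constructed allowlist of full origins (scheme + host + port), never bare hostnames or patterns.
ALLOWED_ORIGINS = frozenset({
    "https://app.blastcad.example",
    "https://blastcad.example",
})
ALLOWED_METHODS = ("GET", "POST", "PUT", "DELETE")
ALLOWED_REQUEST_HEADERS = ("Authorization", "Content-Type")
PREFLIGHT_MAX_AGE = "600"  # seconds a browser may cache the preflight answer (assumed value)


def cors_response_headers(request_headers: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return the CORS headers to attach, or None when the origin is untrusted (then send none at all).

    request_headers is assumed to be a dict with canonical header names as keys.
    """
    origin = request_headers.get("Origin")
    if origin is None:
        return None  # same-origin or non-browser client: CORS does not apply
    # Exact string match. Prefix, suffix or regex matching is how "blastcad.example.evil.test"
    # or an http:// downgrade slips through; "null" (sandboxed iframes, file://) is never trusted.
    if origin not in ALLOWED_ORIGINS:
        return None
    return {
        "Access-Control-Allow-Origin": origin,  # echo the matched origin, never "*" with credentials
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # the response differs per origin, so shared caches must key on it
    }


def handle_preflight(request_headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Answer an OPTIONS preflight: 204 with allow-lists for trusted origins, 403 otherwise."""
    headers = cors_response_headers(request_headers)
    requested = request_headers.get("Access-Control-Request-Method", "")
    if headers is None or requested not in ALLOWED_METHODS:
        return 403, {}
    headers.update({
        "Access-Control-Allow-Methods": ", ".join(ALLOWED_METHODS),
        "Access-Control-Allow-Headers": ", ".join(ALLOWED_REQUEST_HEADERS),
        "Access-Control-Max-Age": PREFLIGHT_MAX_AGE,
    })
    return 204, headers
```

One caveat worth keeping in mind: CORS controls whether a browser will let a page on another origin read the response; it is not authentication, and non-browser clients ignore it entirely. The session token and role checks described under Authentication & Access Control are what actually decide whether a request is served.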
5. Privacy & Data Ownership
We are a software provider, not a data broker. The drill data, explosive configurations, and analytical models you upload or create belong entirely to you. We do not sell your data to third parties, nor do we use your proprietary mine data to train public AI models. For more details, please review our Privacy Policy.
6. Compliance
BlastCAD continuously aligns its infrastructure and operational procedures with global data protection standards. While currently in public beta, our foundational architecture is designed to support GDPR and Australian Privacy Principles (APP) compliance requirements.
Vulnerability Reporting
We take the security of our platform seriously. If you are a security researcher and believe you have discovered a vulnerability in BlastCAD, please do not disclose it publicly. Contact us immediately at [email protected]. We aim to respond to all valid reports within 48 hours.