Shop Project - Documentation
Security & Compliance Standards
Documentation of the active security mechanisms and legal frameworks (Switzerland / EU) for the production system.
Legal Requirements & AI Act Compliance
Because the AI Act comes fully into force in 2026, the following strict guidelines apply to the handling of generative media:
- Labeling Obligation for AI Media: Wherever artificial intelligence is used to produce temporary placeholder images, this is declared transparently in the frontend (e.g., via the text "Visualization (AI-generated)").
- Swiss Imprint & Transparency: A legally compliant Swiss imprint for the Breitenbach (CH) location, with a direct email contact.
- Notice-and-Take-Down: Administrative readiness to remove assets from the server immediately upon a valid complaint about an image, so that legal disputes are settled before they escalate.
Active Core Architecture & Technical Protection
The system follows a strict "Security-by-Design" approach and implements the following protective layers by default in the code foundation:
- Server & Directory Hardening: Consistent use of restrictive `.htaccess` files to block unauthorized direct access to system folders and core content.
- Strict Input Validation: Every form input and request is validated against the modular configuration and validation grid before the data is processed any further.
- Consistent SQL Injection Protection: The database class `cDatabase` enforces the exclusive use of prepared statements (PDO) with bound parameters for all relational queries.
- Cryptographic Password Protection: User passwords are never stored in plain text; they are hashed with PHP's native, current password-hashing functions before being written to the database.
- Fine-Grained Access Control: Isolation of critical system areas and routes through the dedicated security and authentication services `cSecurity` and `cAccess`.
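The two points on SQL injection protection and password storage, as an added PHP example that is not the Shop Project's own code (`cDatabase` is not reproduced here): it assumes an in-memory SQLite database so it runs stand-alone, and the user account it creates is constructed sample data.

```php
<?php
// Added example, not the Shop Project's cDatabase class. Uses an in-memory
// SQLite database so it runs stand-alone: php example.php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server,
// not the client library, keeps query text and parameter values apart.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');

// Registration: only the hash reaches the database, never the password itself.
function registerUser(PDO $pdo, string $email, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // currently bcrypt, random salt included
    $stmt = $pdo->prepare('INSERT INTO users (email, pw_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

// Required pattern: the SQL text is fixed and the value travels as a bound
// parameter. The ruled-out alternative, "... WHERE email = '$email'", would let
// a quote character in the input change the structure of the query.
function findUser(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email, pw_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Login: password_verify() checks against the stored hash; if PHP's default
// algorithm or cost has changed since the hash was made, store a fresh one.
function login(PDO $pdo, string $email, string $password): bool
{
    $user = findUser($pdo, $email);
    if ($user === null || !password_verify($password, $user['pw_hash'])) {
        return false;
    }
    if (password_needs_rehash($user['pw_hash'], PASSWORD_DEFAULT)) {
        $stmt = $pdo->prepare('UPDATE users SET pw_hash = :hash WHERE id = :id');
        $stmt->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $user['id']]);
    }
    return true;
}

registerUser($pdo, 'alice@example.com', 'correct horse battery staple'); // constructed sample account
var_dump(login($pdo, 'alice@example.com', 'correct horse battery staple')); // correct password
var_dump(login($pdo, 'alice@example.com', 'wrong'));                        // wrong password
var_dump(findUser($pdo, "' OR '1'='1"));  // constructed hostile input: matched only as a literal string
```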