VOVOHO policy
Platform & Data Security
How VOVOHO protects buyer inquiry data, admin access, document storage, and form submissions across the website.
How buyer inquiries are protected
Inquiry and quote request forms on this website use server-side validation, input sanitization, and secure data transmission (HTTPS). Submitted data is stored in a managed database (Supabase) with row-level access controls.
Your inquiry details are accessible only to authorized VOVOHO team members. They are not exposed to other buyers, public APIs, or third-party marketing systems.
Admin area access
The website administration area — used by VOVOHO to manage product listings, inquiries, blog content, downloads, and certifications — is protected by login authentication and server-side session checks.
If you arrive at an admin URL without authorization, you will be redirected to a login page. These routes are not intended for buyer access and contain no buyer-relevant content.
Documents and file access
Certificates, catalogs, specification sheets, and media kit files are served through controlled file storage. Documents marked as publicly available are accessible via direct download links shown on product and resources pages.
Confidential project files, custom artwork, engineering drawings, and brand-specific documents are not stored at public URLs and are not discoverable through this website.
Form and API protection
Inquiry and quote endpoints are protected against automated submissions and abuse through rate limiting, spam detection, and server-side validation. This protects the quality of buyer communication and ensures your contact information is not exposed through form abuse.
Credentials and environment security
Database credentials, API keys, storage tokens, admin passwords, and deployment secrets used to operate this website are stored as server-side environment variables. They are never exposed in browser code, HTML output, public pages, or downloadable files.
Third-party infrastructure
This website uses Vercel for hosting and edge deployment, and Supabase for database and file storage. Both providers maintain their own security practices, infrastructure certifications, and data handling agreements.
We review our integration configuration and access controls regularly as the platform evolves.
Reporting a security concern
If you discover a security vulnerability, misconfiguration, or unintended data exposure on this website, please contact us directly using the details on our Contact page. We take security reports seriously and will investigate promptly.
We do not operate a formal bug bounty program but we will acknowledge responsible disclosure.