Role-based access (RBAC)
Nine roles — admin, ops_manager, client, transport, hotel, tickets, media, accounting, viewer — each with scoped request and service visibility.
Trust centre
Operated by Czech Basketball Federation (CBF)
Versioned legal documents, Google Consent Mode v2, granular access-request consents, full record of consent state per user.
Every export, quote change, client update, status flip and admin action is recorded with actor, target, IP and timestamp.
Production on Vercel with an EU-region PostgreSQL database (Neon). Restricted data tier enforces short-lived sessions.
Form posts validated; untrusted origins rejected on sensitive routes; suspicious user agents blocked on API.
Upstash limits on auth, exports, support chat and bulk operations. Per-IP and per-account.
TLS in transit, HSTS preload, strict referrer policy. Secrets supplied only via environment variables; never embedded in client code.
In restricted tier, administrative roles can only sign in from approved networks. Anything else is logged and blocked.
Data Processing Agreement template ready for federation legal review. Sub-processors are listed in /security/gdpr.
Health endpoint, pilot onboarding checklist, production runbook and pen-test report on file.
security.txt published. Reports go to the operations director within four hours of receipt.
Security posture reviewed every quarter — penetration tests, vendor recertification, role audit.