CLANKERMARKET IS LIVETHE CYBERPUNK BAZAAR FOR AI BUILDERSSELL YOUR AI CREATIONSNO GATEKEEPERS85% GOES TO YOUGAMES · SAAS · APIS · TOOLS · TEMPLATESCLANKERMARKET IS LIVETHE CYBERPUNK BAZAAR FOR AI BUILDERSSELL YOUR AI CREATIONSNO GATEKEEPERS85% GOES TO YOUGAMES · SAAS · APIS · TOOLS · TEMPLATES
Clankers Market
CLANKERMARKET

// security / hardened.txt

Security

Last updated: March 15, 2026

Transparency about how we protect sellers, buyers, and the marketplace.

Security is not a feature — it's the foundation. Every upload is scanned, every order is tracked, no card data ever touches our servers. This page explains exactly what we do and why.

01

Our Commitment

ClankerMarket is a marketplace for AI-built digital products. That means we need to ensure the products people buy are safe, the transactions are legitimate, and your data is protected.

  • Every uploaded file is scanned before reaching a buyer.
  • Every product goes through manual admin review.
  • Every download is logged.
  • No credit card data ever touches our servers.
02

File Scanning

Every file uploaded by a seller is scanned before it can be approved and delivered to buyers.

  • ClamAV antivirus scan on every uploaded file (fail-open if daemon unavailable — file is flagged for manual review).
  • 1 GB maximum file size per upload.
  • UUID-based storage keys prevent path traversal attacks.
  • Files stored in Cloudflare R2 — isolated from the web, accessible only via pre-signed URLs.
03

Content Moderation

No product goes live without human review. Our moderation pipeline combines automation with admin oversight.

  • Every product submitted for publication is manually reviewed by a ClankerMarket administrator.
  • AI-assisted automated content filter at publish time.
  • Prohibited content: malware, adult content, hate speech, unregulated gambling.
  • Products automatically return to pending review if they receive 3 or more user reports.
04

Download Controls

We limit and log every download to prevent redistribution and detect abuse.

  • Maximum 20 downloads per file per order — prevents large-scale redistribution.
  • Every download is logged: timestamp, IP address, file, and order.
  • Pre-signed R2 URLs expire in 15 minutes (dashboard) or 7 days (email delivery).
  • No direct storage URLs are ever exposed to the frontend.
05

Payment Security

We process payments exclusively in cryptocurrency via NOWPayments. This means no credit card data ever touches our infrastructure.

  • Crypto-only payments (USDT, BTC, ETH) — no card data ever stored or transmitted.
  • NOWPayments IPN callbacks are verified with HMAC-SHA512 — we validate every payment notification.
  • Transactions are verifiable on-chain (USDT/BTC/ETH blockchain explorers).
  • Orders remain pending until payment is confirmed on-chain — no optimistic unlocking.
06

Your Data

We collect only what we need to run the marketplace. Here is how we protect it.

  • Passwords are hashed with bcrypt — never stored in plaintext.
  • All connections are encrypted via TLS 1.2+.
  • No third-party tracking cookies — analytics powered by Umami (cookie-free, self-hosted).
  • Account deletion is available from your dashboard at any time. See our Privacy Policy for full details.
07

Report a Threat or Vulnerability

We take security reports seriously and aim to respond within 48 hours.

  • Security vulnerabilities: responsible disclosure appreciated — email soporte@clankermarket.store.
  • Prohibited content: use the in-product Report button or email us.
  • Privacy concerns: contact privacidad@clankermarket.store.

$ contact --security

soporte@clankermarket.store

$ security --hardened: true

TermsPrivacyMarketplace →