How do I know my SafeSide account is secure?
Although your SafeSide account does not contain sensitive information about you, we take security seriously and work to ensure a safe and secure platform. Please also review our Privacy Policy for additional information about how information about you, such as your name or email address, is stored and used to provide a personalized experience.
SafeSide accounts, which are hosted on web servers in Sydney, Australia, are protected with the following security measures:
SafeSide uses PDO for all database queries, and all dynamic values are parameterized, helping prevent SQL injection attacks.
Our account system validates sensitive cookie data using a private key to ensure request cookies have not been tampered with.
Our account system uses CSRF token validation by default to help prevent CSRF attacks.
Twig automatically escapes HTML entities that are dynamically output by default, helping avoid XSS attack vectors.
Untrusted HTML is sanitized with HTML Purifier by default.
Untrusted SVG documents are sanitized with SVG Sanitizer by default.
Uploaded file names are cleansed, and images are re-saved on upload so that any malicious code embedded within the image is stripped away.
Sensitive information such as passwords and security keys are redacted from error messages and logs.
We temporarily lock user accounts after too many unsuccessful login attempts by default.
We require that users have re-entered their current password within the past 5 minutes by default before performing sensitive actions that could be abused, including changing emails or passwords or assigning new user roles, groups, or permissions.
Our system stores the user agent string in identity cookies by default, helping prevent session/cookie hijacking.
Our system denies all requests to start a session that don’t present a user agent string or IP address, helping prevent direct socket connections.
Our site requires PHP 8.0+.
We use OpenSSL to generate cryptographically secure email verification codes, password reset tokens, and other strings.
Our account system uses PHP’s native password_hash() function if it is available, which defaults to bcrypt (the Blowfish-based algorithm), arguably the most secure and reliable method of password hashing. If it is not available, it falls back to PHP’s native crypt() function with the Blowfish algorithm and a strong, cryptographically secure random salt.
Session cookies are set with the HttpOnly flag.
Our accounts use constant-time (timing-safe) comparison for sensitive checks such as the equality of password hashes, helping prevent timing attacks.
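The following is an added illustration of several of the measures listed above (parameterized PDO queries, a signed identity cookie that carries the user agent, password_hash()/password_verify(), CSPRNG-generated tokens, constant-time comparison, and HttpOnly cookie flags). It is example code written for this page, not SafeSide’s own code; the function names, the in-memory SQLite schema, the sample user, and the demo signing key are all assumptions, and it uses PHP’s random_bytes() rather than an OpenSSL call for the token.

```php
<?php
// Added example (not SafeSide's code). Requires PHP 8 with the pdo_sqlite extension.
declare(strict_types=1);

// Assumed secret for signing identity cookies. In a real deployment it comes
// from configuration, never from source code.
const COOKIE_SIGNING_KEY = 'demo-only-key-replace-me';

function expect(bool $cond, string $msg): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $msg");
    }
}

// --- Parameterized query (PDO): the value is bound, never spliced into SQL text.
function findUserByEmail(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Password storage: PASSWORD_DEFAULT is bcrypt (Blowfish-based) on current
// PHP; the returned string embeds algorithm, cost and a random salt.
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

function checkPassword(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash); // timing-safe comparison inside
}

// --- Signed identity cookie: payload|HMAC, verified with a constant-time compare.
function signCookieValue(string $payload): string
{
    return $payload . '|' . hash_hmac('sha256', $payload, COOKIE_SIGNING_KEY);
}

function verifyCookieValue(string $cookie): ?string
{
    $pos = strrpos($cookie, '|');
    if ($pos === false) {
        return null;
    }
    $payload  = substr($cookie, 0, $pos);
    $mac      = substr($cookie, $pos + 1);
    $expected = hash_hmac('sha256', $payload, COOKIE_SIGNING_KEY);
    // hash_equals() runs in constant time, so response timing leaks nothing
    // about how many bytes of the MAC were correct.
    return hash_equals($expected, $mac) ? $payload : null;
}

// --- Random tokens for email verification / password reset (CSPRNG).
function newToken(): string
{
    return bin2hex(random_bytes(32));
}

// --- Demo on an in-memory SQLite database with constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$insert = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
$insert->execute([':email' => 'alice@example.com', ':hash' => hashPassword('correct horse battery staple')]);

$user = findUserByEmail($db, 'alice@example.com');
expect($user !== null && checkPassword('correct horse battery staple', $user['password_hash']), 'login ok');
expect(!checkPassword('wrong password', $user['password_hash']), 'wrong password rejected');
expect(findUserByEmail($db, "' OR '1'='1") === null, 'injection text is just an unknown email');

// Identity cookie carries a hash of the user agent, as described above.
$uaHash  = hash('sha256', 'Mozilla/5.0 (demo)');
$cookie  = signCookieValue('uid=1;ua=' . $uaHash);
expect(verifyCookieValue($cookie) === 'uid=1;ua=' . $uaHash, 'valid cookie accepted');
expect(verifyCookieValue('uid=2;ua=' . $uaHash . substr($cookie, strrpos($cookie, '|'))) === null, 'tampered payload rejected');

// Cookie flags: HttpOnly keeps it away from JavaScript, Secure keeps it off
// plaintext HTTP, SameSite limits cross-site sends.
// setcookie('identity', $cookie, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

echo "all checks passed; sample reset token: " . newToken() . PHP_EOL;
```

Run it with `php example.php`. The cookie check shows why the HMAC matters: changing the payload (here the user id) while keeping the old MAC fails verification, and because hash_equals() is used the rejection takes the same time regardless of how close the forged MAC was.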