Security at 4-Court

Your dealership data is your business. We've built 4-Court with security at every layer to keep it protected.

Role-Based Access Control

Control exactly who can see and do what within your dealership.

4-Court uses a strict role hierarchy to ensure staff only access what they need. Each role has carefully defined permissions:

Owner

Full system access including billing, user management, and all business data.

Manager

Manage staff, view reports, and oversee daily operations without billing access.

Sales Staff

Access to sales records, customer information, and inventory viewing.

Office Staff

Inventory management, documentation, and administrative tasks.

Accountant

Read-only access to financial data, reports, and billing information for accounting purposes.

Two-Factor Authentication

Add an extra layer of protection to your account.

Protect your account with two-factor authentication (2FA) using authenticator apps like Google Authenticator, Authy, or Microsoft Authenticator. When enabled:

  • A unique code is required at each login in addition to your password
  • Backup codes are provided for account recovery
  • Even if your password is compromised, your account remains secure

Comprehensive Audit Logs

Full visibility into who did what and when.

Every significant action in 4-Court is logged for accountability and compliance. Audit logs capture:

Security Events

  • Successful and failed login attempts
  • Password changes and resets
  • Two-factor authentication changes
  • Session activity and logouts

Business Events

  • User account changes
  • Subscription and plan changes
  • Location additions and removals
  • Customer data access

Audit logs include timestamps, IP addresses, and user details for complete traceability. Owners and managers can view security logs for their staff.

Brute Force Protection

Automatic protection against unauthorized access attempts.

4-Court automatically detects and blocks suspicious login activity:

  • Accounts are temporarily locked after multiple failed login attempts
  • Suspicious IP addresses are blocked from further attempts
  • Automatic cooldown periods prevent rapid-fire attacks

Strong Password Requirements

Enforced password policies to keep accounts secure.

All passwords must meet our security requirements:

  • Minimum 8 characters
  • At least one uppercase and one lowercase letter
  • At least one number
  • Cannot be a commonly used password
  • Cannot contain your name or email

Password reset links expire after 15 minutes for added security.

Session Management

Intelligent session handling to protect your account.

  • Automatic logout after periods of inactivity
  • Session hijacking detection monitors for suspicious activity
  • All sessions are terminated when a password is changed
  • Deactivated accounts are immediately logged out everywhere

Infrastructure Security

Enterprise-grade protection for your data.

Encryption

All data is encrypted in transit using TLS 1.2+ (HTTPS). Sensitive data is encrypted at rest.

Security Headers

Comprehensive HTTP security headers protect against XSS, clickjacking, and other common attacks.

CSRF Protection

All forms are protected against cross-site request forgery attacks.

Secure Cookies

Session cookies are HTTP-only and secure, preventing theft via JavaScript or insecure connections.

Your Data, Your Control

We believe your business data belongs to you.

  • Export your data at any time, no questions asked
  • Customer data access is logged for GDPR compliance
  • Sensitive parameters are filtered from all logs
  • We never sell or share your data with third parties

Have Security Questions?

We take security seriously. If you have questions about how we protect your data, we're here to help.
