GitHub is merely the repository for the code. No personal data or enterprise data is stored on GitHub. OFN is a regular GitHub user and our code is open source.
OFN stores no bank account or credit card details of any customer or producer. These are currently held solely by proprietary payment gateway software (like PayPal and soon Stripe).
All access to servers is encrypted. Web traffic uses HTTPS today, and no unencrypted FTP or SMTP services are used. Data exchanged between the client and the server is fully encrypted with TLS to protect the confidentiality of users' data.
For system admin access, you need to use SSH keys (asymmetric key RSA4096 (or ECDSA) AES256-CBC), and authentication (login) with a password is disabled. Additional protection by a symmetric AES256 key is not required.
The website's data (the database, with customer information, products, etc., plus files such as images) is backed up daily to an external server with one-month retention, to ensure we can restore almost 100% of site data in case of emergency.
You can find a full overview of OFN security measures here: