Security

We take a defense-in-depth approach to protect our infrastructure, data, and users. This page summarizes our technical and organizational measures.

Infrastructure and Network Security

• Cloud-first architecture with provider-managed physical security and segmentation.
• Network isolation, least-privilege access, and hardened images.

Data Protection (At Rest and In Transit)

• Encryption in transit with TLS.
• Encryption at rest provided by cloud storage and database services.
• Key management follows provider best practices.

Access Controls and Authentication

• Role-based access control; least-privilege and need-to-know.
• Strong authentication with MFA for administrative access.
• Periodic access reviews and revocation on role change or departure.

Vulnerability Management and Patching

• Regular dependency updates and image refresh.
• Routine scanning and remediation based on severity.

Logging, Monitoring, and Incident Response

• Centralized logging and alerting for security-relevant events.
• Defined incident response process: detection, triage, containment, eradication, recovery, and post-incident review.

Backups and Business Continuity

• Regular backups of critical data and configuration.
• Periodic restore testing and continuity planning for key services.

Responsible Disclosure

If you believe you’ve found a vulnerability, please report it responsibly. Provide enough detail to reproduce the issue. We appreciate coordinated disclosure. Contact us via the Contact page.