We hold our own security posture to the same rigour we apply to client assessments. Below is what is in place — documented transparently, with no overstated claims.
Independent registry
CSA STAR Level 1 — listed in the Cloud Security Alliance STAR Registry, based on the CAIQ/CCM self-assessment. This is a self-assessment, not a third-party certification.
Application security
OWASP ASVS v5.0 Level 1 — internal self-verification completed against the Application Security Verification Standard. OWASP does not certify; this is a self-verification.
Enforced Content-Security-Policy, HSTS preload, X-Frame-Options DENY, and a full set of modern HTTP security headers.
Layered anti-automation on contact endpoints: honeypot, application rate-limiting, and Cloudflare edge rate-limiting.
Secure disclosure
A published /.well-known/security.txt (RFC 9116) with a PGP key for encrypted vulnerability reports.
A public Vulnerability Disclosure Policy and Security Advisories page.
Data protection
ISO/IEC 27001:2022 readiness self-assessment completed (internal; certification is not claimed).
GDPR / DSGVO data-protection and technical & organizational measures (TOM) review completed. No third-party trackers or analytics. Records of processing and subprocessors are documented.
Operational security
TLS everywhere via Cloudflare; secrets held in a dedicated vault; offsite source backups; reviewed, rollback-safe deployments.
This page describes internal self-assessments and readiness reviews, not third-party certifications. For verification or to reach our security team, see our security.txt or contact us.