Security

Security posture

Security practices may include access control, least privilege, authentication controls, encrypted transport where applicable, backups where applicable, logging and monitoring where applicable, dependency maintenance, and separation of sensitive workflows from general public forms.

Responsible disclosure

If you believe you found a security issue, report it through the support or contact route with enough detail to reproduce the concern. Do not access private data, disrupt service, persist access, publicly disclose before remediation, or test beyond the minimum needed to demonstrate impact.

What to include

• Affected URL or service.
• Steps to reproduce.
• Potential impact.
• Your contact information if you want follow-up.
• Whether any data may have been exposed.

Not permitted

Unauthorized scanning, exploitation, credential attacks, scraping, malware, social engineering, physical attacks, denial-of-service testing, and access to data that is not yours are prohibited.

No sensitive infrastructure details

This page intentionally does not disclose detailed infrastructure, provider, network, or internal security architecture information.

Security limitations

No website, prototype, dashboard, API, or service can be guaranteed perfectly secure. Security controls may vary by service, client agreement, and deployment stage.