Security Practices

We operate the public site with security-focused operational controls intended to reduce avoidable risk, support reliability, and maintain auditability around changes, access, and production behavior.

Our approach is informed by access governance, change discipline, least-necessary exposure, and incident response practices that support a SOC 2-aligned operating posture without claiming certification.

Administrative access is intended to be limited to authorized personnel with a business need. Secrets and environment configuration are managed separately from public code, and public submissions are routed through controlled service boundaries rather than exposed directly in the client.

Production changes are validated through build and deployment workflows to reduce accidental exposure, broken routing, or avoidable operational drift.

We use service logs, platform telemetry, and operational review to detect delivery issues, misuse, or unexpected behavior affecting the site and contact workflow.

If a credible security or operational incident is identified, we investigate, contain, remediate, and follow up based on severity, impact, and the need to restore stable service.

If you believe you have identified a security issue affecting this site, please use our contact page and clearly label the message as a security disclosure. Please do not attempt destructive testing, service disruption, or data exfiltration.

No internet-facing system can be guaranteed to be fully secure or continuously available. This page describes our operating approach, not a warranty, certification claim, or guarantee against all incidents.