Security
Security controls matched to each project.
We apply practical safeguards based on the product, data involved, hosting environment, and agreed scope.
Security controls
Infrastructure
Hosting controls and network protection depend on the selected deployment environment.
Application
Supported APIs use validation, session protections, CSRF checks, and abuse controls.
Identity
Role-based access and session handling are implemented where the product requires accounts.
Data
Access is limited to what the service needs, with backup options defined by the hosting plan.
Monitoring
Operational logs and admin audit trails are used where they are available in the product.
People and process
Project access is limited to team members who need it for delivery or support.
Engineering practices
- Input validation for public forms and APIs
- CSRF protection for state-changing API requests
- Rate limiting and duplicate-submit protection
- Secure session cookie configuration
- Role checks for administrative endpoints
- Dependency and code review during delivery
- HTTPS configuration for production
- Security scope documented before launch
Report a vulnerability
Send the affected URL, clear reproduction steps, and your contact details. Do not include sensitive customer data.