// security
Security is infrastructure, not a feature
We treat security as a first-class engineering discipline — not a checkbox. Here's how we protect your data and your users.
Security practices
Encryption at rest & in transit
All data is encrypted with AES-256 at rest. TLS 1.3 is enforced for all connections. API keys are hashed with bcrypt before storage.
Compliance-ready architecture
Our architecture is designed to support [CUSTOMISE: your compliance commitments, e.g. SOC 2 Type II] and is audited annually by a third-party firm. Our security controls are tested across availability, confidentiality, and processing integrity.
Zero-trust network architecture
Every internal service authenticates every request. There is no implicit trust based on network location, and mTLS is used between all microservices.
Vulnerability disclosure programme
We run a responsible disclosure programme. Security researchers who find and responsibly report issues are recognised and rewarded.
Report a vulnerability
If you discover a security vulnerability, please email security@yourbrand.com. Do not open a public GitHub issue. We'll respond within 24 hours and work with you to resolve the issue quickly.
PGP fingerprint for encrypted reports:
A3F2 91B4 C8D7 E5F0 1234 5678 9ABC DEF0 1234 5678