SECURITY & COMPLIANCE
Posture, not promises.
Where a certification is in progress we say so. Where one is on the roadmap we say so. The site does not over-claim.
POSTURE
Nine controls. Each one published with its real status.
Encryption
TLS 1.3 in transit. AES-256 at rest.
SOC 2 Type II
In progress. Do not infer issuance until publicly attested.
ISO/IEC 27001
On the roadmap.
eIDAS 2.0
Stage 1 conformance. Stage 2 pending; publication conditioned on regulator confirmation.
GDPR
Controller / processor structure documented; DPA available on request.
Sub-processors
Published list, kept current. Material changes notified per DPA.
Vulnerability disclosure
security.txt published. Coordinated disclosure encouraged.
Penetration testing
Annual cadence; additional pre-release tests for major versions.
Incident response
Documented SLA, customer-facing within 24 hours.
Talk to security.
Procurement, threat-model review, or pen-test coordination? We will route directly.
FROM PROMPT TO PROOF.