Security Overview

Security approach

We follow a defense-in-depth strategy combining monitoring, prevention, and rapid response.

• Security reviews for every new feature, including threat modeling and dependency scanning.
• Least-privilege access controls with enforced MFA for employees and contractors.
• Continuous logging and anomaly detection across our infrastructure.

Technical controls

• Encryption in transit (TLS 1.2+) and encryption at rest for primary databases and backups.
• Isolated production networks with automated patch management and configuration baselines.
• Regular penetration tests and dependency audits to identify vulnerabilities.

Operational practices

We document procedures for onboarding, offboarding, change management, and vendor reviews.

All team members complete annual security and privacy training.

Incident response

Our on-call team monitors 24/7. When an incident is confirmed we classify severity, contain impact, notify affected customers, and conduct a post-mortem.

Shared responsibility

Customers should configure role-based access, keep API keys secret, and enable MFA wherever possible.

Report suspected vulnerabilities to zhengkinson@gmail.com and we will respond quickly.