Security Statement
How we protect the information you share with us. We describe our actual practices and do not overstate them.
Hosting and encryption
Our site and data are hosted with reputable cloud infrastructure providers. Traffic to the site is encrypted in transit using TLS, and data is encrypted at rest where our providers support it.
Access
Access to systems and to the information you submit is limited to authorized personnel on a need-to-know basis, protected by strong authentication.
Data handling
We collect only what we need for a review. Your intake answers and any documents you provide are treated as confidential, and we do not publish submitted documents. Only the result you elect to disclose appears on the public registry.
Vulnerability management and monitoring
We keep our software current and monitor for issues. We welcome security reports through our Responsible Disclosure process.
Incident response
If a security incident affects personal data, we investigate promptly and notify affected parties and regulators as required by law.
What we do not claim
We are transparent that we do not currently hold a SOC 2 or ISO/IEC 27001 certification. This statement describes the practices we actually follow, not a third-party attestation.