Legal & Trust

Security Statement

Effective 10 June 2026

How we protect the information you share with us. We describe our actual practices and do not overstate them.

Hosting and encryption

Our site and data are hosted with reputable cloud infrastructure providers. Traffic to the site is encrypted in transit using TLS, and data is encrypted at rest where our providers support it.

Access

Access to systems and to the information you submit is limited to authorized personnel on a need-to-know basis, protected by strong authentication.

Data handling

We collect only what we need for a review. Your intake answers and any documents you provide are treated as confidential, and we do not publish submitted documents. Only the result you elect to disclose appears on the public registry.

Vulnerability management and monitoring

We keep our software current and monitor for issues. We welcome security reports through our Responsible Disclosure process.

Incident response

If a security incident affects personal data, we investigate promptly and notify affected parties and regulators as required by law.

What we do not claim

We are transparent that we do not currently hold a SOC 2 or ISO/IEC 27001 certification. This statement describes the practices we actually follow, not a third-party attestation.