Trust

This section documents the commitments that govern engagements: how we secure code and operations, how we handle customer data, how we respond to vulnerability reports, and how we approach compliance.

In this section

• Security — cryptographic baseline, key management, secret handling, access controls, incident notification.
• Vulnerability disclosure — how to report a security issue and what to expect in response.

Related

• Defect liability — commercial structure for defects we cause.
• Quality standards — the engineering rules that produce the security posture documented here.

Coming soon

• Data handling — where customer code and data live during an engagement; AI-tooling boundaries; data destruction at termination.
• Compliance — controls we engineer to (NIST SP 800-53, OWASP ASVS, ISO/IEC 25010) and how they map to common audit regimes.

For commercial terms (cure windows, refund mechanics, liability cap), see engagement models. For the engineering rules under which security controls are produced, see how we work and quality standards.