Security & Trust

Security is what we do, so it applies to this website too. Here is exactly how your environment, your data and this site are handled - and how to report an issue.

Access & data

How I handle your access & data.

Trust starts with how your environment is touched. The same discipline applies on every engagement, from the first assessment onward.

  • Least-privilege, read-only access - granted by you, scoped to what's needed.
  • Time-boxed and revoked the moment the work is done.
  • Nothing is changed without your explicit sign-off.
  • Sensitive data kept in the EU/EEA; no third-party model training.

This website

  • No third-party trackers, marketing pixels or advertising networks.
  • Only two functional first-party cookies (theme, language); no consent banner is required under § 25 TDDDG.
  • Fonts are served locally - the browser makes no third-party font requests.
  • The assessment form is protected by a same-origin check, a honeypot field and per-IP rate-limiting.

Sub-processors

Third parties that may process personal data on our behalf. Full legal detail lives in the Privacy Policy.

Slack (Slack Technologies LLC / Salesforce)

Delivery of assessment-form submissions to an internal inbox.

Art. 28 GDPR · EU-US DPF (Art. 45) + SCCs (Art. 46).

Hosting provider

Serving this website; technically necessary server logs (≤ 30 days).

Art. 28 GDPR · named on request at [email protected].

Compliance positioning

  • We prepare organisations for SOC 2, ISO 27001, GDPR and DORA - readiness, evidence and controls.
  • We do not issue certifications: only an accredited body or licensed CPA firm can do that.

Responsible disclosure

Found a security issue? Please email us at [email protected] and allow reasonable time to respond before public disclosure. Our machine-readable contact is published at /.well-known/security.txt (RFC 9116).
