Security & Trust
Security & trust.
Security is what we do, so it applies to this website too. Here is exactly how your environment, your data and this site are handled - and how to report an issue.
Access & data
How I handle your access & data.
Trust starts with how your environment is touched. The same discipline applies on every engagement, from the first assessment onward.
- Least-privilege, read-only access - granted by you, scoped to what's needed.
- Time-boxed and revoked the moment the work is done.
- Nothing is changed without your explicit sign-off.
- Sensitive data kept in the EU/EEA; no third-party model training.
This website
- No third-party trackers, marketing pixels or advertising networks.
- Only two functional first-party cookies (theme, language); no consent banner is required under § 25 TDDDG.
- Fonts are served locally - the browser makes no third-party font requests.
- The assessment form is protected by a same-origin check, a honeypot field and per-IP rate-limiting.
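For readers who want to see what the three form protections above amount to in practice, here is an added illustration (example code, not this site's implementation): a same-origin check on the Origin/Referer headers, a hidden honeypot field that humans leave empty, and a sliding-window per-IP rate limiter. The origin `https://example.com`, the field name `website` and the limits are assumptions.

```python
"""Illustrative abuse checks for a contact form: same-origin check, honeypot
field and per-IP rate limiting. Example code, not the site's own handler."""
from collections import deque
from urllib.parse import urlsplit

ALLOWED_ORIGIN = "https://example.com"  # assumption: the form's own origin
HONEYPOT_FIELD = "website"              # assumed hidden field; humans leave it empty
RATE_LIMIT = 5                          # assumed: max submissions per window per IP
WINDOW_SECONDS = 600


class RateLimiter:
    """Sliding-window counter keyed by client IP (in-memory, per process)."""

    def __init__(self, limit=RATE_LIMIT, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self.hits = {}  # ip -> deque of accepted-submission timestamps

    def allow(self, ip, now):
        q = self.hits.setdefault(ip, deque())
        while q and now - q[0] >= self.window:
            q.popleft()  # forget timestamps that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def same_origin(headers, allowed=ALLOWED_ORIGIN):
    """Accept only requests whose Origin (or, failing that, Referer) is the
    site itself. Header names are matched case-insensitively; a request that
    carries neither header, or a 'null' Origin, is rejected."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is None and "referer" in h:
        parts = urlsplit(h["referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin is not None and origin.rstrip("/") == allowed


def check_submission(headers, form, client_ip, now, limiter):
    """Return (accepted, reason). The rate limiter is consulted last, so only
    submissions that passed the other two checks count against the quota."""
    if not same_origin(headers):
        return False, "cross-origin"
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot"  # automated posters tend to fill every field
    if not limiter.allow(client_ip, now):
        return False, "rate-limited"
    return True, "ok"
```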
Sub-processors
Third parties that may process personal data on our behalf. Full legal detail lives in the Privacy Policy.
Slack (Slack Technologies LLC / Salesforce)
Delivery of assessment-form submissions to an internal inbox.
Art. 28 GDPR · EU-US DPF (Art. 45) + SCCs (Art. 46).
Hosting provider
Serving this website; technically necessary server logs (≤ 30 days).
Art. 28 GDPR · named on request at [email protected].
Compliance positioning
- We prepare organisations for SOC 2, ISO 27001, GDPR and DORA - readiness, evidence and controls.
- We do not issue certifications: only an accredited body or licensed CPA firm can do that.
Responsible disclosure
Found a security issue? Please email us at [email protected] and allow reasonable time to respond before public disclosure. Our machine-readable contact is published at /.well-known/security.txt (RFC 9116).