Security & Trust
We describe practices in compliance-friendly language and avoid unverifiable claims. Replace/extend with your real controls.
Email authentication
- SPF
- DKIM
- DMARC
Data handling policy
- No sensitive data by default
- Clear boundaries and redaction options
Encryption
- At rest (where supported)
- In transit (TLS)
Access control
- Least privilege
- Role-based access
- Audit-friendly logs
Incident response (light)
- Notification workflow
- Containment guidance
- Post-incident review