Trust center
Transparency commitments for clients and partners.
Data handling
Source code and credentials are handled under engagement-specific agreements. Default posture is least-privilege repository access, encrypted sharing where available, and no public disclosure without approval.
Responsible disclosure
Critical vulnerabilities are coordinated with project teams before publication. We support embargo periods aligned with deployment risk and user safety.
Limitations
Audits are time-bounded assessments; they reduce but cannot eliminate risk. Formal guarantees apply only where explicitly proven for defined models.