Trust

Security & disclosure

We take the security of Everguardly seriously. This page describes our baseline controls and how to responsibly disclose any vulnerabilities you may find.

Baseline controls

  • TLS 1.3 in transit on every public endpoint (Cloudflare-managed).
  • Encryption at rest for all databases (Neon-managed Postgres).
  • Bcrypt password hashing with strong policy (min 12 characters).
  • Rate limiting and lockout on authentication endpoints.
  • Row-level multi-tenancy isolation between accounts.
  • Audit logging for sensitive actions.

Responsible disclosure

If you believe you have found a security issue, please email security@everguardly.com with a clear description and reproduction steps. We respond within 72 hours and will credit you in our disclosure log once a fix has shipped.

GDPR & data subject rights

EU customers can request a full data export or hard account deletion from the dashboard once V1 ships. Requests are completed within 30 days as required by GDPR Article 15 (access) and Article 17 (erasure).

This page summarises Everguardly's security practices and will continue to expand over time.