Legal

Security & Disclosure

Data Handling Principles

All client interactions are handled with strict data hygiene. No credentials, API keys, or production access tokens are requested or transmitted through any form on this site or its subdomains.

Form Submissions

Form data is transmitted over HTTPS and processed server-side. Honeypot fields and rate limiting are used to prevent automated abuse. No financial information is collected through any form.

Third-Party Services

• Resend — Transactional email delivery
• Umami — Privacy-focused analytics (no cookies, no PII)
• Cloudflare — DNS, CDN, and optional Turnstile bot protection
• Hostinger — Static file hosting

No third-party service has access to form submission content beyond what is required for delivery.

Client Data Separation

Project work is performed in isolated environments. Client codebases, infrastructure credentials, and proprietary data are never co-mingled across engagements. Production access requires explicit written agreement.

Portfolio & Public Content

• Screenshots may reflect redacted or synthetic data fields
• Architecture diagrams may be abstracted for confidentiality
• Live streams may include placeholder credentials or test data
• No production system access is demonstrated without prior authorization

Responsible Disclosure

If you discover a security vulnerability on any of my sites, please report it through the inquiry form with “Security Disclosure” in the description. I take all reports seriously and will respond promptly.

No Autonomous Actions

Consistent with the principles of practice outlined on the main site: no autonomous financial or legal action is taken without explicit human approval. Every system output is reviewable, every decision auditable, every threshold explicit.