Security Practices
This document outlines our baseline technical and organizational controls for account, data, and service security.
1. Baseline Security Controls
We apply encryption in transit, access controls, secure defaults, and defensive input validation across service boundaries.
Security checks are integrated into deployment and release workflows.
2. Account and Identity Protection
Authentication controls include session protections, password hashing, and verification workflows for sensitive actions.
Suspicious login or account activity may trigger additional verification or temporary restrictions.
3. Monitoring and Incident Response
We monitor infrastructure and application signals for reliability, abuse, and security anomalies.
When incidents occur, we investigate, contain, remediate, and document corrective actions.
If a material incident affects personal data, notifications are issued as required by applicable law.
4. Vulnerability Disclosure
Report suspected vulnerabilities to support@saasfolk.com with reproduction details, affected endpoints, and impact estimate.
Do not publicly disclose unresolved vulnerabilities before remediation or approval.
Contact and Legal Requests
For legal notices, data requests, or policy questions, contact support@saasfolk.com. Please include your account email and affected URL when relevant.