Role-scoped access
Portal access is tied to named members, defined roles, property scope, activation dates, expiration, and revocation controls.
We document the safeguards behind our client portal and operating systems, test changes before release, preserve evidence, and communicate our assurance status without overstating it.
Security is handled as an operating discipline: access, testing, recovery, accountability, and transparent reporting.
Portal access is tied to named members, defined roles, property scope, activation dates, expiration, and revocation controls.
HTTPS, secure cookies, browser security headers, anti-framing rules, and restricted browser capabilities protect portal sessions.
Security controls carry owners, evidence, verification dates, due dates, and a recorded activity history.
Locked dependencies, automated tests, linting, vulnerability audits, and production builds are part of the release gate.
Database and uploaded-file backups are encrypted, retained off site, and governed by a documented recovery procedure.
Documented response procedures cover triage, evidence preservation, containment, recovery, communications, and corrective actions.
These results describe the reviewed production release as of July 14, 2026. They are evidence snapshots, not promises that risk can be eliminated.
We do not display certifications, seals, or audit claims that have not been independently earned.
A documented control register, evidence ledger, owners, due dates, and runbooks are operating.
Dependency audit, lint, unit tests, and production builds are part of the change process.
No SOC 2 report has been issued. Controls and evidence are being organized for future independent readiness and examination.
No penetration-test attestation is currently claimed. Independent application testing and remediation review remain on the assurance roadmap.
We will identify the assessor, scope, and report period here if an independent certification or examination is completed.
Please send a clear description, affected URL, reproduction steps, and potential impact. Do not access other people's information, disrupt service, or include sensitive data in the report.