Version 1.0 · Last updated 7 July 2026
Security and ethics are designed into our work from the start, not bolted on at the end. We aim to protect our systems and the data our customers trust us with through layered controls, sensible defaults, and continuous review.
Our website and services run on reputable cloud and edge platforms with strong physical and network security. We serve everything over HTTPS and apply security headers (including strict transport, content-type, and framing protections) across our pages.
Data is encrypted in transit using modern TLS. Where we store personal or customer data, we protect it with encryption at rest provided by our infrastructure partners.
Access to production systems and data is limited to the people who need it, protected by strong authentication and reviewed regularly. Secrets and credentials are stored in managed secret stores, never in source code.
We log and monitor key systems for anomalies and maintain processes to respond to incidents. We take regular backups of critical data and test our ability to recover.
We collect the minimum data needed, retain it only as long as necessary, and handle it as described in our Privacy Policy. AI features are built with attention to data minimization and appropriate safeguards.
We welcome reports from security researchers. If you believe you've found a vulnerability, please email hello@sibuor.com with details and steps to reproduce. Our machine-readable contact is published at /.well-known/security.txt.
Please give us a reasonable opportunity to investigate and remediate before public disclosure, and avoid accessing or modifying data that isn't yours. We won't pursue good-faith research conducted under these guidelines.
For security questions, reach us at hello@sibuor.com.