Quiet rooms
stay quiet.
Membership data is sensitive. The platform is built so briefs, contracts and rosters never leave the gate.
EU-only stack
Primary infrastructure runs on Hetzner Cloud in Frankfurt. Member data never leaves the region.
Encryption end-to-end
AES-256 at rest, TLS 1.3 in transit. Backups encrypted with rotating keys, restored monthly.
Single-tenant data
Each member organisation has its own logical tenant, isolated by row-level security.
Bcrypt invite codes
Codes are bcrypt-hashed, single-use, scoped to a single device fingerprint, expire in 14 days.
Bot mitigation
Public access endpoints sit behind Cloudflare Turnstile. Aggressive throttling on /access.
Quarterly pentest
Third-party penetration test every quarter. Findings tracked in a public-summary report for members.
Found something?
Email [email protected]. We respond within one business day, work with you on a fix, and credit you publicly if you wish.
- Median first response6h
- Median time to fix3 days
- Bounty range€100 — €4,000
- PGP fingerprint9F3D 4A12 8C77 …