Trust Center · live status
Our Trust Center. Because trust is shown, not claimed.
We run on ourselves what we sell. Here, in the open, is our security posture: how we protect data, our policies, and the technical security of this site.
Our status, no rounding up
We show where our security really stands, including what's still in progress. It's the first way we prove we don't sell facades.
Last updated: 2026-05-24
Operational
Site security
TLS, security headers and security.txt active.
Operational
Internal controls / hardening
Zero Trust, MFA/SSO on access, password management.
In preparation
ISMS / ISO 27001
We're structuring the ISMS. We won't show a 'Certified' badge until it truly is.
Active
Continuity & testing
Periodic audits and pentests on our own infrastructure.
Policies & documents
Some documents are public; those with operational detail are available on request, under NDA: not for secrecy, but because reducing exposure is part of security.
- Information Security PolicyNDA
- Privacy PolicyPublic
- Acceptable Use / Access ControlNDA
- Incident Response (public summary, detail under NDA)Public / NDA
- Sub-processor list & data residencyPublic
This site's security
The technical security of this page is verifiable. Here's what we apply.
security-posture.txt
live- Valid TLS + HSTS
- Security headers: CSP, X-Content-Type-Options,
- Referrer-Policy, Permissions-Policy, frame-ancestors
- MFA/SSO on internal access
- No non-essential cookies before consent
Sub-processors & data residency
An up-to-date list of vendors that process data on our behalf, with purpose and region. Real vendors only.
| Vendor | Purpose | Region |
|---|---|---|
| Vercel | Site hosting | EU / US |
| Email provider (info@bastionsec.io) | Company email | EU |
| Analytics (post-consent) | Aggregate statistics | EU |
The NDA gating is itself a security feature, not an obstacle: reducing exposure of operational detail protects you too.
Request the confidential documents
We share confidential documents after an NDA is signed. No cold access: confidentiality protects you too. Send us your details and which documents you need.
Request documents (NDA)Want a Trust Center like this?
We build and maintain one for you too: living proof your security is real, in front of your clients.
Explore the Trust Center serviceOur Trust Center. Because trust is shown, not claimed.
We run on ourselves what we sell. Here, in the open, is our security posture: how we protect data, our policies, and the technical security of this site.