Loading
Loading
How Scriptia Labs approaches security across our infrastructure, products, and practices.
Last updated July 3, 2026
We treat security as a foundation of how we build, not a feature we add later. Every product we ship is built by the same team responsible for its infrastructure, which means security decisions are made by people who understand the system end to end, not handed off to a separate function after the fact.
We apply the principle of least privilege internally — access to data and systems is limited to what's needed for a given role, and reviewed as our team and products grow. We minimize what we collect in the first place, which reduces what there is to protect.
Data is encrypted in transit using industry-standard protocols (TLS) across our website and products. Where sensitive data is stored, it’s encrypted at rest using our infrastructure providers’ standard encryption practices.
If you discover a security vulnerability, we ask that you report it to us before disclosing it publicly, so we have a chance to investigate and fix it. Report vulnerabilities to [email protected] — see our Contact page for more detail. We commit to acknowledging reports promptly and keeping you informed as we work through them.
We keep our infrastructure and dependencies current, and apply security patches as they become available, prioritized by severity. This is an ongoing, routine part of how we operate our products — not a one-time effort.
In the event of a security incident that affects user data, we will investigate promptly, take steps to contain and remediate it, and notify affected users and relevant authorities as required by applicable law.
As Scriptia Labs and our products grow, we intend to formalize a structured vulnerability disclosure program, potentially including a public bug bounty. Until then, the responsible disclosure process above is the right way to report a concern.