Trust & Safety
Security
How we protect your data — and how to report a vulnerability.
Overview
Security is foundational to DigitalStack. We handle sensitive project and business data on behalf of our customers, and we take that responsibility seriously. This page describes our security posture and explains how to contact us if you discover a vulnerability.
Reporting a Vulnerability
If you believe you have found a security vulnerability in any DigitalStack product or infrastructure, please report it to us privately so we can investigate and address it before public disclosure.
Email: [email protected]
Please include as much detail as possible: the affected URL or component, steps to reproduce, the potential impact, and any supporting evidence (screenshots, request/response logs). We will acknowledge your report within 2 business days.
We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and deploy a fix.
Scope
The following are in scope for vulnerability reports:
- digitalstack360.com and all subdomains
- The DigitalStack360 web application
- The DigitalStack360 desktop application
- Our public APIs
The following are out of scope:
- Denial-of-service attacks
- Social engineering or phishing of DigitalStack staff
- Vulnerabilities in third-party services we use (please report those to the vendor)
- Findings from automated scanners without proof of exploitability
Our Response Process
When you submit a report we will:
- Acknowledge receipt within 2 business days
- Investigate and validate the report
- Keep you informed of our progress
- Deploy a fix and notify you when it is live
- Credit you in our acknowledgements (if you wish)
Our Security Practices
We maintain a number of controls to protect customer data:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Authentication is handled by Supabase Auth with support for SSO / SAML 2.0
- Row-level security policies enforce data isolation between tenants
- Access to production infrastructure is restricted and audited
- Dependencies are monitored for known vulnerabilities
- We conduct regular internal security reviews
Responsible Disclosure
We follow responsible disclosure principles. We ask that researchers act in good faith — avoid accessing or modifying data that does not belong to you, and do not disrupt service for other users. In return, we commit to working with you in good faith to understand and remediate valid findings promptly.
We do not pursue legal action against researchers who report vulnerabilities responsibly and in accordance with these guidelines.