// Security

Our security stance

We practice what we preach. Here's how we handle security, privacy, and responsible disclosure for our own systems.

01 Responsible Disclosure

We take the security of our systems seriously. If you've found a security vulnerability in any GuardFoundry system, we want to hear about it.

How to report

  • Email: security@guardfoundry.nl
  • Include a detailed description of the vulnerability
  • Steps to reproduce, proof of concept if possible
  • PGP encryption available on request

Our commitment

  • We will acknowledge receipt within 24 hours
  • We will provide an initial assessment within 72 hours
  • We will keep you informed of our progress
  • We will not take legal action against good-faith reporters
  • We will credit researchers (with consent) in our advisories

Scope

All GuardFoundry-operated systems and services are in scope. Please do not perform testing that could degrade service for other users, access other users' data, or use social engineering against our team.

02 Privacy Stance

Privacy is not a feature we add — it's a constraint we design around. Here's what this means in practice:

  • Third-party scripts: None (zero external JavaScript loaded)
  • Analytics: None (no Google Analytics, Plausible, or similar)
  • Cookies: None (no cookies set by this website)
  • Tracking pixels: None (no Facebook Pixel, LinkedIn Insight, etc.)
  • CDN: Self-hosted (all assets served from our infrastructure)
  • Fonts: System fonts (no Google Fonts or external font loading)

Contact form data

Data submitted through our contact form is stored on our own servers (self-hosted, no third-party SaaS). We retain contact form submissions for the duration of the business relationship, after which they are deleted. You may request deletion at any time by emailing privacy@guardfoundry.nl.

03 Security Headers

This website employs the following security headers:

Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: DENY

04 security.txt

We publish a security.txt file following RFC 9116 to make it easy for security researchers to report vulnerabilities.

/.well-known/security.txt
Contact: mailto:security@guardfoundry.nl
Expires: 2026-12-31T23:59:59.000Z
Preferred-Languages: en, nl
Canonical: https://guardfoundry.nl/.well-known/security.txt
Policy: https://guardfoundry.nl/security
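
For anyone consuming a security.txt file like the one above, the following added example (not GuardFoundry's own code) parses the fields and applies the core RFC 9116 checks: Contact present, Expires exactly once and still in the future, and, when Canonical is given, that the URI the file was fetched from is listed there. The function names and the sample-based usage are assumptions made for illustration.

```python
from datetime import datetime, timezone
# Constructed sample: the field lines shown on this page.
SAMPLE = """\
Contact: mailto:security@guardfoundry.nl
Expires: 2026-12-31T23:59:59.000Z
Preferred-Languages: en, nl
Canonical: https://guardfoundry.nl/.well-known/security.txt
Policy: https://guardfoundry.nl/security
"""

def parse_fields(text):
    """Return (lowercased-name, value) pairs; skip blank lines and '#' comments."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields

def validate(text, fetched_from=None, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    def values(name):
        return [v for k, v in fields if k == name]
    problems = []
    if not values("contact"):
        problems.append("Contact is required")
    if len(values("preferred-languages")) > 1:
        problems.append("Preferred-Languages may appear only once")
    expires = values("expires")
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if when.tzinfo is None:
                problems.append("Expires lacks a UTC offset")
            elif when <= now:
                problems.append("Expires is in the past")
        except ValueError:
            problems.append("Expires is not a valid timestamp")
    canonical = values("canonical")
    if fetched_from and canonical and fetched_from not in canonical:
        problems.append("fetched URI is not listed in Canonical")
    return problems
```

Calling `validate(SAMPLE, fetched_from="https://guardfoundry.nl/.well-known/security.txt")` returns an empty list until the Expires date passes.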