Security is part of how Techno Optics ships, not a checklist we visit at audit time. This page summarizes our standing posture and how to reach us if you find something.
Posture
- All production traffic is TLS 1.2+ with HSTS preload.
- Authenticated services enforce 2FA for staff and least-privilege access.
- Secrets live in managed secret stores; no credentials in code or chat.
- Dependency updates and CVE monitoring run continuously in CI.
- The products we maintain on behalf of clients carry their own incident response runbooks, scoped to the engagement.
Privacy by design
We collect the minimum personal data required to deliver each product. We never use customer data to train AI models. Where AI features exist, prompts and responses are scoped to the customer that produced them.
Reporting a vulnerability
Use our contact form and mark the engagement type as Other. We acknowledge within two working days and aim to resolve high-severity issues within seven. Please give us a reasonable window to fix before disclosure. We don't bring lawyers to a good-faith report.
Compliance
We're SOC 2 Type II ready and align our practices with WCAG 2.2 AA, GDPR, and CCPA. We sign data processing agreements when the engagement requires one.