Security

How we protect Explural's website and research systems.

Security is part of building trust with partners, investors, and the public. This page describes our current security practices for the Explural website and supporting research systems, how to report issues, and how we handle incidents.

Security practices

Current controls and processes.

SEC-01

Organization-owned content

This page is maintained by Explural to answer common security questions about our website and research systems. It describes our current practices and is not an independent certification or audit report.

SEC-02

Encrypted connections

Explural's public website is served over HTTPS, and data submitted through forms is transmitted using encrypted connections. Access to any submitted information is limited to the people who need it to respond.

SEC-03

Access controls

Internal systems and subscriber data are protected by role-based access controls and strong authentication. We review access as the platform and team grow.

SEC-04

Reporting vulnerabilities

If you discover a security issue, please contact us through our contact form or direct channel with enough detail to reproduce and assess it. We handle reports in good faith and do not pursue legal action against good-faith researchers.

SEC-05

Incident response

We maintain a simple incident response process to detect, assess, and communicate about security issues. If an incident affects user data, we will notify affected users as required and appropriate.

SEC-06

Shared responsibility

Explural manages the security practices described here for its own website and research systems. Underlying hosting and infrastructure are provided by our service providers, who maintain their own security controls and compliance programs.

Have a security question?

For vulnerability reports, data access questions, or anything else about our security practices, please reach out.

Contact the security team