Privacy & Terms
Plain-language privacy and engagement terms.
What I collect when you contact me, how it's used, and the ground rules for any website or security work. No dark patterns, no data resale.
Privacy
What I collect and why
Contact form & risk check
When you submit the contact form or the website risk check, I receive what you enter — typically your name, business name, website, industry, timeline, and your message or risk-check result. I use it only to reply to your inquiry and scope your project.
How it's used
To respond to you, prepare a recommendation and quote, and keep a record of our conversation. I don't sell your data, share it with advertisers, or add you to marketing lists without your say-so.
Where it lives
Submissions arrive by email and, where a form backend is used, may pass through a privacy-respecting form provider purely to deliver the message. The site is served over HTTPS via Cloudflare.
Retention & your choices
I keep inquiry records only as long as useful for our working relationship. Email [email protected] any time to ask what I hold, correct it, or have it deleted.
Security Engagements
Rules of engagement for security & pen testing
Security testing is only ever performed under these terms — the same controls a national firm uses, run directly by the engineer doing the work.
Written authorization first
No testing happens until scope, targets, and authorization are confirmed in writing. Testing is limited strictly to systems you own or are authorized to assess.
Mutual NDA
Findings, access details, and your business information are treated as confidential and can be covered by a mutual non-disclosure agreement.
Written findings
You receive a clear report: plain-language risk for leadership, reproducible technical detail for your implementers, and prioritized fixes — with retest support to validate remediation.
Coordinated disclosure
Security researchers can report issues with this site responsibly via /.well-known/security.txt.
Questions about any of this?
Email me directly and I'll answer plainly.