Trust & safety
Website security controls
This page lists safeguards implemented in the current website application.
Implemented controls
The application uses HTTPS on Vercel, restrictive response headers, server-side input validation, same-origin checks for form APIs, bot honeypots, and provider webhook signature validation.
- Content Security Policy, HSTS, frame protection, and MIME protection
- Provider credentials restricted to server environment variables
- Zod validation and bounded input lengths on server endpoints
- Twilio request-signature validation
- Vonage signed-webhook JWT and payload-hash validation
Report a concern
Send security reports to privacy@guillermotaysllc.com. Do not include passwords or sensitive personal information in the initial report.
