Frixion Security
Thank you for helping keep Frixion secure.
How to report a vulnerability
We aim to acknowledge non-urgent reports within one week and keep you updated until the issue is resolved.
How we keep Frixion safe
We use a layered security approach to protect our services and communications, including:
- Encrypted email transport and authentication controls such as SPF, DKIM, and DMARC to reduce spoofing and phishing risks.
- Signed email messages and verified domain identity practices to help recipients trust legitimate communications.
- HTTPS everywhere to encrypt traffic in transit between users and our services.
- HSTS and modern transport security practices to encourage secure connections and reduce downgrade risks.
- QUIC/HTTP/3 support where available to improve performance while maintaining strong transport security.
- Encrypted password storage, secure database design, and access controls to protect sensitive data.
- GDPR-aligned data handling practices, privacy by design, and careful retention of personal information.
- Ongoing monitoring, updates, and secure configuration practices to reduce exposure and respond quickly to new threats.
What we do every day
- Keep software, dependencies, and infrastructure up to date.
- Use least-privilege access controls for staff and systems.
- Review code, perform testing, and assess third-party components before deployment.
- Monitor systems, logs, and alerts to detect and respond to unusual activity.
- Maintain backup, recovery, and incident-response procedures.
Responsible disclosure
We appreciate clear, factual reports and triage them promptly. Please avoid sharing sensitive data in email when possible, and use encrypted channels for any confidential information you need to provide.
Security posture
Our approach is privacy-first, encryption-by-default, and transparent about how we protect services and handle reports. We aim to use secure defaults, rate limiting, and abuse prevention controls wherever practical.
Visit our main site: frixion.xyz