Unstatic Labs takes security seriously. This page describes our security practices and how to report vulnerabilities.

Our Security Practices

Infrastructure

  • Hosting: We use reputable cloud providers with strong security track records
  • TLS/HTTPS: All connections are encrypted using modern TLS
  • Access controls: Role-based access with principle of least privilege
  • Monitoring: We monitor our systems for suspicious activity

Development

  • Code review: Code changes are reviewed before deployment
  • Dependency management: We track and update dependencies regularly
  • Secrets management: Credentials are stored securely, never in code
  • Testing: We test for common vulnerabilities

Data Protection

  • Encryption: Data at rest and in transit is encrypted
  • Backups: Regular backups with secure storage
  • Access logging: Access to sensitive data is logged
  • Data minimization: We collect only what we need

Responsible Disclosure

If you discover a security vulnerability in any Unstatic Labs system or website, we encourage you to report it responsibly.

How to Report

Email: security@unstaticlabs.com

Or if unavailable: contact@unstaticlabs.com with subject “Security Report”

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information (optional, but helpful for follow-up)

What We Commit To

  • Acknowledge your report within 3 business days
  • Investigate promptly and keep you informed of progress
  • Fix confirmed vulnerabilities in a reasonable timeframe
  • Credit you (if desired) when the issue is resolved
  • Not pursue legal action against good-faith security researchers

What We Ask

  • Do not access or modify data belonging to others
  • Do not disrupt our services or systems
  • Do not publicly disclose vulnerabilities before we’ve had time to fix them (90 days is typical)
  • Do act in good faith and avoid privacy violations

Scope

This policy applies to:

  • unstaticlabs.com
  • *.unstaticlabs.com subdomains
  • Services operated by Unstatic Labs

It does not apply to:

  • Third-party services we use (report to them directly)
  • Social engineering or physical security attacks
  • Denial of service attacks

Security Contacts

Security reports: security@unstaticlabs.com
General contact: contact@unstaticlabs.com
Partner inquiries: partners@unstaticlabs.com

Incident Response

If you believe your data has been compromised in an incident involving Unstatic Labs:

  1. Contact us immediately at security@unstaticlabs.com
  2. Provide details of the suspected incident
  3. We will investigate and respond within 24 hours

Updates

This security policy may be updated as our practices evolve. Significant changes will be noted on this page.

→ Privacy Policy | → Legal Notice | → Contact