Security & disclosure

• TLS 1.3 in transit on every public endpoint (Cloudflare-managed).
• Encryption at rest for all databases (Neon-managed Postgres).
• Bcrypt password hashing with strong policy (min 12 characters).
• Rate limiting and lockout on authentication endpoints.
• Row-level multi-tenancy isolation between accounts.
• Audit logging for sensitive actions.

If you believe you have found a security issue, please email security@everguardly.com with a clear description and reproduction steps. We respond within 72 hours and will credit you in our disclosure log once a fix has shipped.

EU customers can request a full data export or hard account deletion from the dashboard once V1 ships. Requests are completed within 30 days as required by GDPR Article 15 (access) and Article 17 (erasure).