Security
Last updated March 12, 2026
Security is treated as a delivery discipline across architecture, infrastructure, admin access, and public form handling. This page summarizes the posture and disclosure expectations for the website.
Security Approach
- Secure headers and transport controls are applied at the application layer.
- Public forms are validated server-side and protected with abuse controls.
- Server-only credentials are reserved for privileged persistence workflows.
- Deployment design anticipates edge controls, monitoring, and environment separation.
Administrative Security Expectations
Where administrative or CMS capabilities are introduced, the operating model assumes MFA, least privilege, audit logging, and role-scoped access. Service role credentials must never be exposed client-side.
Responsible Disclosure
If you believe you have identified a security issue affecting the website or related public systems, contact info@jclinchtech.com with clear reproduction details, impact context, and safe contact information. Please avoid destructive testing or actions that could expose real user data or disrupt service.
Disclosure Handling
Reports are reviewed for legitimacy, scope, and severity. Coordinated disclosure expectations will be discussed directly with the reporter when appropriate.