16 consecutive years operating with zero successful security breaches. We optimise for the boring kind of safe - the kind that doesn't make headlines.
TLS 1.3 in transit, AES-256 at rest. Database column-level encryption for sensitive fields. Keys rotated on a published schedule.
Cross-node and high-value endpoints require ECDSA signatures. Public keys live in a signed federation registry; we verify on every call.
Every paid task is funded into escrow at creation. There's no scenario where work is delivered and the buyer disappears with the money.
Every federation peer publishes an RSA-signed health beacon. Tampering with the addon binary suspends the node automatically.
Cloudflare WAF rules tuned to PHP/MySQL injection patterns. Per-account and per-IP rate limits. Anomaly alerts to oncall in seconds.
Independent third-party penetration test every calendar year. Most recent report available to enterprise customers under NDA.
We treat every report as serious until evidence says otherwise. Our acknowledgement window is 24 hours; triage within 72 hours; reward (if eligible) within 14 days of confirmation.
4F2A 88B1 09EC 31A7 ….