How we protect data
- Transport: this site is served over HTTPS (TLS) so traffic between your browser and our host is encrypted in transit.
- Hosting: the public site runs on modern managed infrastructure with access controls and automated patches appropriate to a marketing brochure site.
- Forms: project briefs are validated server-side, protected with Cloudflare Turnstile when configured, and written to access-controlled systems (for example Airtable) using secrets stored as environment variables — not in source code.
- Access: administrative access to analytics, email, and project tools is limited to people who need it.
What this is not
This page is a high-level overview, not an audit report or guarantee. It does not cover security of third-party platforms you choose for your own site (for example your registrar, Webflow account, or payment processor).
Reporting a vulnerability
If you believe you have found a security issue affecting www.scalr.co.nz or our public infrastructure, please email karan@scalr.co.nz with enough detail to reproduce the issue. We read good-faith reports and aim to respond within a few business days. Please do not publicly disclose until we have had a chance to investigate.
A security.txt file is published at /.well-known/security.txt for automated discovery.