What we focus on
- Least-privilege access for production systems and administrative actions
- Encryption in transit for customer-facing endpoints (HTTPS)
- Dependency and supply-chain hygiene for the applications we ship
- Logging and monitoring to detect abuse and operational incidents
- Review of subprocessors used for hosting, email, payments, and analytics
Your responsibilities
Security is shared. You are responsible for safeguarding credentials, rotating API keys when team members leave, configuring your Guidly integration correctly, and following your own organizational policies for end-user data.
Vulnerability disclosure
If you believe you have found a security vulnerability in Guidly, please email our contact address with a clear description, steps to reproduce, and any suggested impact. Do not perform testing that could degrade service for other customers (for example, automated scanning against production without prior agreement).
We aim to acknowledge valid reports within a few business days and work with you on a sensible disclosure timeline.
Privacy
Personal data handling is described in our Privacy Policy.