Security Contact: security@shortnd.com • Status Page: https://status.shortnd.com • Public Keys: Available upon request
Our Security Program (Summary)
- Governance: documented ISMS; risk assessments; leadership oversight.
- Access Controls: RBAC, least privilege, MFA/SSO, periodic reviews.
- Encryption: TLS 1.2+ in transit; AES‑class encryption at rest; managed keys.
- Network/App Security: segmented networks, WAF/CDN/DDoS, code review, SAST/DAST, secrets management.
- Data Management: minimization; truncation/pseudonymization of IP addresses after processing, where feasible; environment separation.
- Monitoring/IR: centralized logging, alerting, runbooks, post‑incident reviews.
- Business Continuity: encrypted backups; tested restore; DR objectives defined.
- Vendor Risk: diligence, DPAs, transfer safeguards (DPF/SCCs).
Compliance & Reports
- SOC 2 / ISO 27001: In progress; target completion 2026.
- Penetration tests: annual by independent firm; executive summary available under NDA.
- Privacy: see Privacy Policy, DPA, Sub‑processor Registry.
Responsible Disclosure (Vulnerability Reporting)
We welcome good‑faith security research. Email security@shortnd.com with details, reproduction steps, and impact. Do not access data that isn't yours or degrade service. We do not currently operate a public bounty program; rewards may be discretionary.
Customer Controls
SSO (SAML/OIDC), role‑based permissions, API key rotation, IP allow‑listing, audit logs, export tools.