Every promise, with the receipt attached.
Trust is earned one proof at a time. This page links every claim we make about security, privacy, sustainability, and accessibility to the evidence behind it. You should never have to take our word for anything — you should be able to check it in under a minute.
Trust pillars
Security
How we keep the website, your messages, and the data behind it safe — explained in plain language and backed by numbers you can verify.
Privacy
What we collect, what we choose not to collect, how long we keep it, and the one-email path to ask for a copy or a deletion.
Sustainability
A web page small enough to load on a five-year-old phone over 2G. We measure it every build, not only when it suits us.
Accessibility
What WCAG 2.2 AA means in practice, how we test against it on every build, and what we already ship for users in fourteen languages.
Subprocessors
Every third party that may touch your data, what they access, and where they operate.
| Name | Purpose | Data accessed | Location |
|---|---|---|---|
| Let's Encrypt (opens in a new tab) | Issues the TLS certificate that lets your browser confirm it is talking to our real server. | None. The service only checks that we control the domain name — it never sees any visitor data. | United States |
| Mailcow (opens in a new tab) | Delivers email between our contact form and our reply inbox. | The message you send, only while we are reading and answering it. | Canada |
| Contabo (opens in a new tab) | Provides the physical server and encrypted storage where the website lives. | Encrypted disk volumes only. The hosting team does not read site content. | Canada (data centre region) |
| Dokploy (opens in a new tab) | Releases new versions of the website onto our infrastructure. | Runs inside our infrastructure. It never sends data outside the machine it runs on. | Our infrastructure |
Certifications
None yet
We are a small studio. Formal certifications are expensive and slow. When we earn one it will appear here with a link to the issuer.
Where your data lives
This website is hosted in Canada. There is no content delivery network in front of it. When the page loads in your browser, your browser is speaking directly to our origin. Nothing sits in the middle to copy, cache, or read your traffic.
Our encrypted backups roll on a thirty-day cycle. They never leave the datacentre region. They are protected at rest with a key that only two people on our team can unlock.
Security disclosure policy
Found a weakness, a bug, or something that simply looks wrong? Write to security@intelligentsingularityinc.com. We answer within one business day, work with you on the fix, and credit the reporter by name in the public advisory once the issue is patched — unless you ask us not to.
We never sue researchers who follow the responsible-disclosure terms on /security.
Found something? Please tell us first.
Coordinated disclosure is the path we take seriously. Email security@intelligentsingularityinc.com with a description and reproduction steps. We acknowledge reports within one business day, triage within three, and ship a fix on a timeline we agree with you. Researchers are credited by name in our post-mortem when a fix ships — unless you prefer to remain anonymous. We do not threaten or sue good-faith security researchers, full stop.
Last reviewed: