Responsible disclosure
Report security concerns through the ProofTether Support Desk form on /contact or the anti-spam security alias in Legal Notice. Do not send secrets, source code, provider keys, or private datasets.
SECURITY
ProofTether Control separates hosted metadata from customer-controlled source, secrets, and model runtimes.
Report security concerns through the ProofTether Support Desk form on /contact or the anti-spam security alias in Legal Notice. Do not send secrets, source code, provider keys, or private datasets.
Support and public forms must not receive API keys, credentials, raw repositories, local model weights, or customer datasets.
Production deployments should run behind HTTPS with strict transport, frame, content-type, referrer, and permission boundaries.
Customer sessions resolve organization and project scope before mutating endpoints are allowed.
Effective date: 2026-07-01. Public contact uses the ProofTether Support Desk form plus anti-spam electronic aliases to reduce mailbox scraping. Paddle live checkout is pending verification; do not submit unavailable checkout routes as active.