Trust
Our own posture.
A site about security should hold itself to the same standard it preaches. Here is how we run ours.
Arcandel is a static website with no user accounts. Content is served over HTTPS with HSTS, a strict Content Security Policy, and standard hardening headers. The site’s only dynamic surface is the waitlist form, which posts to a locked-down server-side function writing into storage no client can read. Source is version-controlled and deploys are reproducible from a clean build.
Found something we should know about? Responsible disclosure is welcome.
Contact: security@arcandel.com