Trust

Our own posture.

A site about security should hold itself to the same standard it preaches. Here is how we run ours.

Arcandel is a static website with no user accounts. Content is served over HTTPS with HSTS, a strict Content Security Policy, and standard hardening headers. The site’s only dynamic surface is the waitlist form, which posts to a locked-down server-side function writing into storage no client can read. Source is version-controlled and deploys are reproducible from a clean build.

Found something we should know about? Responsible disclosure is welcome.

Contact: security@arcandel.com