Security Policy
AUDIT_IDENTIFIER fs-sec-2026 // LAST_MODIFIED: JUNE 21, 2026
01 Encryption & Data Transit
We employ modern industry-standard transport security across all communication loops. All API gateways, static websites, and serverless edge functions developed by FractalSoftware require TLS 1.3 encryption with robust cipher suites. Database storage blocks are encrypted at rest utilizing AES-256 standard protocols.
02 Static Analysis & Build Auditing
Every software package and third-party library is audited for vulnerabilities before being integrated into our build pipes. We run automated static analysis (SAST) and package lock file scanners (such as Dependabot or Snyk) on all repositories. Development builds are strictly compiled with lock files pinned using `pnpm` to ensure cryptographic integrity.
03 Edge Gateways & Identity Management
We isolate backend services behind authenticated API gateways with centralized OAuth 2.0 and JWT verification tunnels. All secrets, connection strings, and credential vectors are injected as secure environment variables at runtime and never committed to source directories. We require multi-factor authentication (MFA) on all deployment consoles.
04 Vulnerability Reporting (Bug Bounty)
We welcome vulnerability reports from independent cybersecurity researchers. If you identify a security issue in our digital platforms or client architectures, please contact our emergency engineering team. We commit to reviewing all verified issues within 24 hours and executing patches with extreme urgency.
Vulnerability Disclosure
To securely submit reports, please encrypt payloads using our PGP key.