Security
Security scope for the public Vaultaproof web surface.
This page covers the public website, public proof routes such as verification and binder views, and the release surfaces published on this site. It does not make claims about private customer environments.
The public security surface is expected to stay factual, technically readable, and limited to what can actually be verified.
Public posture
Bounded and verifiable
Vaultaproof uses the public security page to describe the public web surface, not to imply hidden controls that are not publicly documented.
Scope
This page does not describe private customer environments or controls that are not publicly verifiable.
vaultaproof.com, public proof routes, and public release surfaces
Report path (active)
Use a direct subject line such as Security report or Responsible disclosure.
info@vaultaproof.com
Public controls (bounded)
The page stays narrow to controls that can be checked against the public application.
HTTPS, HSTS, CSP, and browser hardening headers on the public web surface
Public controls (tracked)
Web delivery and browser protections.
01. HTTPS is enforced on the public website with HSTS.
02. The public application sends a Content Security Policy and browser hardening headers including X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy.
03. Public routes are served with restrictive frame and resource policies configured in the application.
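One way to check the header claims listed above against a captured response, as an added example that is not Vaultaproof's own code. The sample header values are constructed, and reading "restrictive frame and resource policies" as a CSP carrying frame-ancestors and default-src is an assumption.

```python
import re

# Headers the page says the public application sends.
REQUIRED = ["Strict-Transport-Security", "Content-Security-Policy",
            "X-Content-Type-Options", "X-Frame-Options",
            "Referrer-Policy", "Permissions-Policy"]

def audit_headers(headers):
    """Return findings; an empty list means every listed control checks out."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = [f"missing {n}" for n in REQUIRED if n.lower() not in h]

    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        # max-age=0 makes the browser drop the HSTS policy, so it fails too
        if not m or int(m.group(1)) == 0:
            findings.append("HSTS max-age missing or zero")

    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")

    if h.get("x-frame-options", "DENY").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options is not DENY or SAMEORIGIN")

    csp = h.get("content-security-policy")
    if csp is not None:
        names = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
        # Assumption: "restrictive frame and resource policies" is read as
        # frame-ancestors plus a default-src fallback.
        for directive in ("default-src", "frame-ancestors"):
            if directive not in names:
                findings.append(f"CSP has no {directive}")
    return findings

# Constructed sample responses (not captured from vaultaproof.com).
GOOD = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "x-content-type-options": "nosniff", "X-Frame-Options": "DENY",
        "Referrer-Policy": "strict-origin-when-cross-origin",
        "Permissions-Policy": "camera=(), microphone=()"}
WEAK = {"Strict-Transport-Security": "max-age=0",
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "ALLOW-FROM https://example.com",
        "Referrer-Policy": "no-referrer"}

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_headers(sample) or "all listed controls present")
```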
Release posture
Public release claims stay explicit.
01. No public installer or downloadable software package is published from this site today.
02. Because no public downloadable software is published, no public checksum, signature, or installer verification instructions are published either.
03. The Releases route exists to state product availability clearly without pretending there is a public download center.
Telemetry and privacy
Public site telemetry
01. The public site includes Vercel Analytics.
02. The public site source does not ship advertising or retargeting scripts.
03. Cookie and tracking behavior is documented in the Cookie Notice.