SECURITY STATUS
LEVEL: DEFCON 2 // SYSTEM INTEGRITY
01. VULNERABILITY DISCLOSURE
We take the security of our own infrastructure as seriously as we take the security of your targets. If you discover a vulnerability in CROSSFYRE, we request that you report it to us via our responsible disclosure program.
- Email: security@clickswave.com (PGP key available on Keybase)
- Do not exploit the vulnerability beyond what is necessary to demonstrate it.
- Do not exfiltrate customer data.
02. INFRASTRUCTURE DEFENSE
Our cloud infrastructure is hardened according to CIS Benchmarks. We employ continuous automated scanning (dogfooding our own product) to identify misconfigurations and vulnerabilities.
03. DATA ENCRYPTION
AT REST: All sensitive database fields are encrypted using AES-256-GCM. Backups are encrypted and stored in geo-redundant locations.
IN TRANSIT: We enforce TLS 1.3 for all web traffic. HSTS is enabled to prevent protocol downgrade attacks.
04. ACCESS CONTROL
We follow the principle of least privilege. Production access is restricted to core engineering staff and requires MFA. All access is logged and audited.