Our security stance.
FaStart treats security, privacy, and operational trust as part of the product surface. This page describes the current controls and the boundaries we apply while the platform grows.
PLATFORM SECURITY
fastart.tech ships HSTS, CSP, X-Content-Type-Options, Referrer-Policy, and restrictive permission headers.
Transport is encrypted, and production services are designed around least-privilege access and auditable changes.
We accept coordinated vulnerability reports through security@fastart.tech.
DATA AND AGENT BOUNDARIES
Visitor and contact data is handled under KVKK/GDPR-aligned principles.
Agentic product surfaces must preserve merchant control, logs, and override paths before they graduate from research.
Third-party services are reviewed for data handling, operational role, and necessity before adoption.
VULNERABILITY DISCLOSURE
Email: security@fastart.tech
PGP key: /.well-known/pgp-key.txt
Scope: fastart.tech (this site) and fastart.co (product). Out of scope: third-party services we use.
Response time: 24 h acknowledgement, 5 business days triage.