Security & Privacy
At Stack of Truths, we take security seriously, not just for our clients, but for their customers too. This page explains how we protect your data, maintain confidentiality, and ensure every report is verifiably authentic.
Your data is encrypted using the same standard as banks and governments.
CyberFlex Report Security: Complete
Every client receives a tamper-proof, verifiable report package. No one can fabricate a CyberFlex report: the GPG signature and hash verification make it mathematically provable.
What clients receive:
- report.html: Original HTML report
- report.pdf: Branded PDF with watermark on every page
- report.pdf.asc: GPG digital signature
How clients verify authenticity:
Compliance & Assurance
| Authenticity | GPG signature: proves report came from CyberFlex |
| Integrity | SHA-256 hash: proves report wasn’t modified |
| Non-repudiation | GPG key tied to CyberFlex identity |
| Watermark | Diagonal “CYBERFLEX CONFIDENTIAL” on every PDF page |
| Verification | Public API endpoint + public key download |
Data Encryption at Rest
All client booking information, target domains, and audit data are encrypted immediately upon submission using:
- AES-256-CBC: Military-grade encryption algorithm
- PBKDF2: Key derivation with 100,000 iterations
- Unique passphrase: Stored with 600 permissions (owner-only access)
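The three settings above map onto options of OpenSSL's `enc` command. The sketch below is an added example, not Stack of Truths' own tooling; the function names, file paths and the sample booking record are hypothetical.

```shell
#!/bin/sh
# Added example: file encryption with the parameters listed above
# (AES-256-CBC, PBKDF2 with 100,000 iterations, owner-only passphrase file).
# Function names, paths and the sample record are hypothetical.

# make_passfile PATH: write a random passphrase, readable by the owner only.
make_passfile() {
    ( umask 077 && openssl rand -base64 48 > "$1" ) && chmod 600 "$1"
}

# check_passfile PATH: succeed only if the file mode is exactly 600.
# Tries GNU stat first, then the BSD form.
check_passfile() {
    perms=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    [ "$perms" = "600" ]
}

# crypt_record MODE PASSFILE IN OUT: MODE is -e (encrypt) or -d (decrypt).
# openssl picks a fresh random salt for every encryption and stores it in
# the output header, so the same record never encrypts to the same bytes.
crypt_record() {
    check_passfile "$2" || { echo "refusing: $2 is not mode 600" >&2; return 1; }
    openssl enc "$1" -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 \
        -pass "file:$2" -in "$3" -out "$4"
}

encrypt_record() { crypt_record -e "$@"; }
decrypt_record() { crypt_record -d "$@"; }

# roundtrip_demo: encrypt and decrypt a constructed booking record.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    make_passfile "$dir/passphrase" || return 1
    printf 'client=Jane Example\ntarget=example.test\n' > "$dir/booking.txt"
    encrypt_record "$dir/passphrase" "$dir/booking.txt" "$dir/booking.enc" &&
    decrypt_record "$dir/passphrase" "$dir/booking.enc" "$dir/booking.out" &&
    cmp -s "$dir/booking.txt" "$dir/booking.out"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

CBC provides confidentiality only: nothing in this file format detects a modified ciphertext, so keep a separate MAC or signature over the encrypted file where tampering matters.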
Confidentiality & Non-Disclosure
Every client engagement is protected by a strict confidentiality agreement. I do not share findings, reports, or client identities without explicit written permission.
If you require a signed NDA before discussing your project, just ask; I provide one for every engagement.
Secure Pentesting Environment
All security assessments are performed on a dedicated, isolated pentest laptop:
- No cross-contamination with production systems
- Air-gapped where required
- Tailscale VPN for secure remote access
- UFW firewall with strict port rules
- SSH with 2FA (Google Authenticator)
Data Retention & Deletion
Client data is retained only as long as necessary:
You may request deletion of your data at any time. I will confirm deletion within 72 hours.
Infrastructure Security
Your data resides on a VPS with the following protections:
- Daily automated backups
- Firewall (UFW) with minimal open ports (22, 80, 443, 8081, 8090)
- Tailscale mesh VPN for authorized access only
- SSH key + 2FA authentication
- Regular security updates and patching
What Information We Collect
When you book a pentest, we collect:
- Your name, email, and company (for engagement purposes)
- Target domains or IP addresses (for testing)
- Digital signature authorization (for legal compliance)
- Payment information (processed securely via Stripe; we never store your card details)
Your Rights (GDPR & CCPA)
You have the right to:
- Access: Request a copy of your data
- Correct: Update inaccurate information
- Delete: Request removal of your data
- Portability: Receive your data in a structured format
For privacy requests, DM @StackOfTruths on X or email info@stackoftruths.com.
Contact Us
If you have any security concerns or privacy questions:
- X (Twitter): @StackOfTruths
- Email: info@stackoftruths.com
- Address: Keurenplein 41, 1069CD Amsterdam, Netherlands
Stack of Truths: AI Penetration Testing for Small Entrepreneurs
KVK 94992266 · Registered in Amsterdam, Netherlands




