Security Policy

Effective Date: December 2025
Last Updated: December 2025

Eigen State Limited is committed to maintaining the security of our systems, services, and client data. This policy outlines our approach to security and provides guidelines for responsible vulnerability disclosure.

Our Security Commitment

We implement industry-standard security measures to protect:

  • Client data and confidential information
  • Our website and web applications
  • Internal systems and infrastructure
  • Communication channels

Security Measures

Technical Controls

  • Encryption: All data in transit is encrypted using TLS 1.2 or higher
  • Access Control: Role-based access control for all systems
  • Authentication: Multi-factor authentication for sensitive systems
  • Monitoring: Continuous monitoring for security events
  • Updates: Regular security patching and updates

Organizational Controls

  • Security awareness training for all team members
  • Secure development practices
  • Regular security reviews and assessments
  • Incident response procedures
  • Data classification and handling guidelines

Responsible Disclosure

We appreciate the security research community and welcome responsible disclosure of potential vulnerabilities. If you discover a security issue with our website or services, please report it responsibly.

How to Report a Vulnerability

Email: security@eigenstatelabs.com

Please include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any supporting evidence (screenshots, logs)
  • Your contact information for follow-up

What to Expect

  1. Acknowledgment: We will acknowledge your report within 48 hours
  2. Assessment: We will investigate and assess the vulnerability
  3. Updates: We will keep you informed of our progress
  4. Resolution: We will work to resolve valid vulnerabilities promptly
  5. Recognition: We will acknowledge your contribution (with your permission)

Guidelines for Researchers

When conducting security research, please:

  • Do: Report vulnerabilities promptly and responsibly
  • Do: Allow reasonable time for remediation before public disclosure
  • Do: Limit access to only what's necessary to demonstrate the vulnerability
  • Don't: Access, modify, or delete data belonging to others
  • Don't: Disrupt our services or systems
  • Don't: Perform social engineering attacks
  • Don't: Conduct denial of service testing
  • Don't: Test physical security controls

Scope

In Scope:

  • eigenstatelabs.com website and subdomains
  • Web application vulnerabilities (XSS, CSRF, injection, etc.)
  • Authentication and session management issues
  • Information disclosure vulnerabilities
  • Security misconfigurations

Out of Scope:

  • Denial of service (DoS/DDoS) attacks
  • Social engineering attacks against our staff
  • Physical security testing
  • Third-party services we use (report to them directly)
  • Automated vulnerability scanning without permission
  • Spam or phishing attempts

Incident Response

In the event of a security incident:

  1. We will investigate and contain the incident
  2. We will assess the impact on affected parties
  3. We will notify relevant authorities (ICO) as required
  4. We will notify affected individuals without undue delay
  5. We will implement measures to prevent recurrence

Data Breach Notification

Under UK GDPR, we are required to:

  • Report qualifying breaches to the ICO within 72 hours
  • Notify affected individuals without undue delay when there is high risk
  • Document all security incidents for compliance purposes

Third-Party Security

We carefully evaluate the security practices of our service providers:

  • Firebase/Google Cloud: ISO 27001, SOC 2, SOC 3 certified
  • Domain registrar: Industry-standard security controls
  • Regular review of third-party security posture

Contact

For security-related inquiries:

For more information about how we protect your data, see our Privacy Policy.


Eigen State Limited is registered in England and Wales (Company Number: 16644604)