---
title: "Security"
description: "How Sumantic handles security: senior-engineer oversight on every change, least-privilege access, encryption in transit, and a deliberate policy of not collecting sensitive personal or payment data through this site."
canonical_url: https://sumantic.ai/security/
last_updated: 2026-06-17
---

# Security

Security is engineered in, not bolted on. This page describes our posture for this website and our engagements.

## Engineering posture

Every change in an engagement passes through senior-engineer review at each gate of our agentic SDLC, including an adversarial review stage. Nothing reaches a client environment unreviewed. We design for least-privilege access, auditable trade and data trails, and integration with a client's existing controls rather than around them.

## This website

- Served as static assets over HTTPS with HSTS and a strict content security policy.
- Contact is by email; the site runs no forms or data-collection endpoints.
- We do not collect or store credentials, payment-card data, or sensitive personal data through this site.
- Analytics are cookieless and privacy-first; we do not run third-party advertising trackers.

## Reporting an issue

If you believe you have found a security issue with this website, please email [info@sumantic.ai](mailto:info@sumantic.ai) with the details. We will acknowledge and investigate responsibly.

> This page describes practice and intent for this website and our engagements; it is not a contractual commitment. Engagement-specific security terms are agreed in writing.

---
Canonical HTML: https://sumantic.ai/security/