Trust Center

Security and privacy you can verify

VisibleSeed builds software for businesses and non-profits, so protecting the information you trust us with is part of the job, not an afterthought. This page explains how we secure data, the standards we follow, and how to reach us.

Subprocessors

Last updated June 4, 2026

Encryption everywhere

All traffic is served over HTTPS with HSTS preload. Data is encrypted in transit (TLS 1.2+) and at rest by our infrastructure providers.

Resilient infrastructure

Hosted on Cloudflare's global edge network with built-in DDoS protection, a CDN, and DNS. No customer production data is stored on this website.

Least-privilege access

Access to systems that hold client information is limited to those who need it, protected by multi-factor authentication, and logged.

Privacy by design

We collect the minimum we need, never sell your data, and never use it to train AI models. Cookieless edge analytics by default.

Monitoring and status

Edge logging and a public status page give us and you visibility into availability and incidents in near real time.

Responsible disclosure

A clear channel for security researchers to report issues, with a published security.txt and a committed response.

At a glance

Standards and compliance

We are an early-stage studio and are transparent about where we are. The list below reflects practices we follow today and what we are working toward. We are not yet SOC 2 certified; we can share a security overview and a DPA on request.

HTTPS / TLS with HSTS preload

Enforced

GDPR (EU/UK) practices

Aligned

CCPA / CPRA practices

Aligned

Data Processing Agreement

On request

Subprocessor transparency

Published

SOC 2

On our roadmap

Contents

Data protection
Infrastructure and hosting
Application security
Access control
Privacy and your rights
Subprocessors
Incident response
Business continuity
Report a vulnerability
Documents on request
Contact

Data protection

We minimize what we collect. The website forwards form submissions to our team by email; it does not store them in a public-facing database. Data handled by our providers is encrypted in transit with TLS and at rest. We do not sell your information and we do not use it to train AI models.

Infrastructure and hosting

visibleseed.com is a statically built site deployed to Cloudflare Pages, served from Cloudflare's global edge with DDoS protection, a CDN, managed TLS, and DNS. Dynamic endpoints run as isolated serverless functions. There is no long-lived application server behind the marketing site, and no customer production data lives on it.

Client applications and services run on reputable cloud infrastructure - primarily Oracle Cloud Infrastructure and Amazon Web Services - which provide physical security, network isolation, and encryption at rest. Our full provider list is on the subprocessors page.

Application security

Source code is version-controlled in Git with change history and review.
Continuous integration runs type checks and a production build on every change before it can ship.
Dependencies are kept current and reviewed for known vulnerabilities.
Forms use anti-spam controls (honeypots and bot mitigation) and strip control characters from input.
Secrets are stored as environment variables in the hosting platform, never committed to source control.

Access control

Access to systems that hold client information is granted on a need-to-know basis, protected by multi-factor authentication, and removed promptly when no longer needed. Administrative actions are logged by the underlying platforms.

Privacy and your rights

Our Privacy Policy explains what we collect, why, how long we keep it, and the rights you have, including access, correction, deletion, and portability. EEA/UK residents have GDPR rights; California residents have CCPA/CPRA rights. To exercise any of them, email privacy@visibleseed.com.

Subprocessors

We publish the full, current list of third parties that may process personal data on our behalf, including what each one does and where it operates. See /subprocessors. Active clients can request advance notice of changes.

Incident response and breach notification

If we discover unauthorized access to personal information, we investigate immediately, contain the issue, and notify affected users without undue delay and within the timelines required by applicable law, describing what happened, what data was involved, and what you can do.

Business continuity

Code and configuration are stored in version control and can be redeployed quickly. Hosting runs on a globally distributed platform that tolerates regional failures. Client deliverables and operational records are backed up by the providers that hold them.

Report a vulnerability

We welcome reports from security researchers. If you believe you have found a vulnerability in our website or services, email security@visibleseed.com with steps to reproduce. Please give us a reasonable chance to fix the issue before public disclosure, and do not access or modify data that is not yours. We will acknowledge your report and keep you updated.

Machine-readable contact details are published at /.well-known/security.txt.

Documents available on request

For vendor reviews and procurement, we can provide:

Security overview / questionnaire responses.
Data Processing Agreement (DPA).
Subprocessor list (also published here).
Certificate of insurance, where applicable.

Request any of these from security@visibleseed.com or hello@visibleseed.com.

Contact

VisibleSeed LLC
3815 Reveille St
Houston, TX 77087, USA
Security: security@visibleseed.com
Privacy: privacy@visibleseed.com
General: hello@visibleseed.com