Current website posture

A deliberately simple, low-risk pre-launch site.

The current DG Workflow website keeps the public attack surface small while the business is still pre-launch. This page is a plain-English summary, not a formal security audit or guarantee.

What can be said

Static pre-launch pages and assets.
No login, account system, public contact form, payment checkout, public database, visitor uploads, analytics package, or public AI API.
Public demos use synthetic data only.
Browser security headers and a restrictive content security policy are configured.
Dependency audit checks, Dependabot, and a responsible security reporting policy are present in the website repository.

What should not be claimed

The site is fully secure.
The site has been penetration tested.
DG Workflow is ISO 27001 or SOC 2 certified.
Any client data can be handled safely without review.
AI data is private by default.

Before adding anything interactive

Forms, analytics, payments, databases, public AI APIs, file uploads, and visitor-submitted demo inputs all change the privacy, cost, security, and abuse model. They should be reviewed before they are added to the public site.

Data & AI Privacy Contact