Independent security audit of our web app completed by Assured

Assured completed an independent security assessment of our web app. The assessment found no critical, high, or medium-severity issues. One low-severity input validation weakness was identified and promptly fixed.

A recent third‑party assessment found no issues enabling crashes or unauthorized data access. We remediated one input‑validation weakness and addressed five non‑security observations; one framework‑related behavior was accepted with no security impact.

The application previously lacked length limits on certain fields, allowing unusually large inputs (~500k+ characters). While this did not allow crashes or unauthorized access, it could cause error messages to echo raw input and consume unnecessary resources. We implemented strict application‑layer validation and sanitized error handling to mitigate both outcomes.

Security reviews are integral to our privacy commitments: strong security underpins all our privacy-by-design services. Read the full report here. Thank you to Assured for the thorough assessment. We will continue to conduct regular independent audits and publish transparent results.