FAQs

Frequently asked questions

Answers to what we hear most from prospective clients. Don't see your question? Just ask us directly.

Security

How does Eiferone protect information submitted through this website?

Every form on this site (contact, careers applications, Bug Bounty registration) validates and sanitizes input server-side, is rate-limited to reduce abuse, and is protected by Cloudflare Turnstile to filter automated/bot submissions. Submitted data is stored in our access-controlled CMS and is only visible to authenticated Eiferone team members, never publicly.

Is my information encrypted in transit?

Yes. This site is served over HTTPS/TLS, and we enable HTTP Strict Transport Security (HSTS) so browsers only ever connect over an encrypted connection once they've visited us before.

How do you store resumes and personal data submitted through job applications?

Resumes are uploaded to a private, access-controlled storage collection that is not publicly readable, separate from the public images and documents used elsewhere on the site. Only authenticated members of our hiring team can view or download application materials.

Do you store credit card or payment information on this website?

No. This site does not process payments or collect cardholder data. Engagements are scoped and invoiced directly with clients through separate, dedicated channels.

Who can access the data I submit through your contact, careers, or Bug Bounty forms?

Only authenticated Eiferone team members with access to our content management system. Public visitors and search engines cannot read submissions; our CMS enforces this at the access-control level, not just through obscurity.

How can I report a security vulnerability in eiferone.com itself?

We welcome good-faith reports. See our Responsible Disclosure Policy and Vulnerability Reporting pages in the Trust Center for how to report an issue and what to expect from us in response.

Does Eiferone practice what it preaches on its own website's security?

We hold this site to the same standards we recommend to clients: security headers (including a Content Security Policy), least-privilege access control on every content type, brute-force protection on admin accounts, input validation and rate limiting on public endpoints, and a documented responsible disclosure process. Like any program, it's continuously reviewed and improved rather than a one-time checkbox.

Still have questions?