Security & Trust
Last updated: June 28, 2026
This page is maintained by Mark J. Crawford to answer common security and privacy questions about markjcrawford.com. It describes controls currently in place and is not a certification or third-party audit report.
What this site is
markjcrawford.com is a personal professional website. It publishes writing, talks, and a contact form. It is not a SaaS product and does not host customer accounts, customer data, or payment processing.
Hosting and platform
The site is built and hosted on Lovable, which deploys static and server-rendered content over a global edge network. Traffic between your browser and the site is encrypted in transit using HTTPS (TLS). DNS and TLS certificates are managed by the hosting platform.
Data collected
The only personal information actively collected is what you submit through the contact form — typically your name, email address, and the message you send. This information is used to reply to you and is not sold or shared for marketing.
Standard server and CDN request logs (IP address, user agent, timestamp, requested URL) may be retained by the hosting platform for operational and abuse-prevention purposes.
Authentication and access
Public pages do not require an account. Administrative areas used to manage site content are protected by authenticated sign-in and server-side role checks. Passwords are never stored by this site directly; authentication is handled by the backend provider.
Backend and storage
Site content and contact submissions are stored in a managed Postgres database provided by the backend platform. Access from the browser is gated by row-level security policies, and privileged operations run server-side.
Third parties
The site uses a small number of vendors to operate: the hosting and backend platform (Lovable and its underlying infrastructure providers) and the domain registrar/DNS provider. No advertising trackers or third-party analytics that build cross-site profiles are used.
Compliance posture
This site does not claim SOC 2, ISO 27001, HIPAA, PCI-DSS, or similar formal certifications. Those frameworks require independent third-party audits of an organization’s operations and are not represented here. If you need a vendor with a specific attestation for a procurement process, please reach out and I will tell you honestly whether this engagement requires one.
Privacy practices for visitors are described in the Privacy Policy.
Reporting a security issue
If you believe you have found a security vulnerability affecting this site, please report it privately via the contact page with “Security” in the subject. Please do not publicly disclose the issue until it has been addressed. Good-faith reports are appreciated.
Changes
This page may be updated as the site evolves. Material changes will be reflected in the “Last updated” date above.