This page is maintained by Aglaia Software LLC to describe our general security practices and how to responsibly report vulnerabilities. It is not a certification.
Our practices
We apply least-privilege access controls, encrypt data in transit and at rest using industry-standard algorithms, follow secure development lifecycle practices, and routinely review our systems and dependencies.
Shared responsibility
For client engagements, security responsibilities are shared between Aglaia, the underlying cloud providers, and the client. Specific obligations are documented in each statement of work and data processing agreement.
Responsible disclosure
If you believe you have discovered a security vulnerability in our website or services, please email support@chromesaga.com with details. We commit to acknowledge reports within two business days and to work with you in good faith.
Out of scope
Automated scanner output without proof of impact, social engineering, and physical attacks are out of scope for our disclosure program.