Trust & Security
Strategy-first AI brand operated by SLAtech LTD. Decision-support
content + 14 open datasets. This page is the one-stop view of how we
handle security, data, and compliance posture for the brand.
At-a-glance
Open Data Integrity Active
14 CC-BY-4.0 datasets under /data/catalog.json. Tampering, license violation, or integrity breakage reports qualify for our security disclosure policy.
Observability Active
Sentry Loader Script SDK (v10+) with BrowserSession, Replay, BrowserTracing integrations. Crash-free session rate >99.9% rolling 30-day. Event routing to slatech-sites project.
GDPR Compliant
DPA on request. Lead form retention 24 months unless contracted otherwise. No third-party advertising trackers on lead-capture pages. Analytics: Google Analytics + Yandex Metrica with anonymization where supported.
Security Headers Active
HSTS (1y + preload), X-Content-Type-Options nosniff, X-Frame-Options SAMEORIGIN, Referrer-Policy strict-origin-when-cross-origin, X-Powered-By and X-AspNet-Version stripped. Permissions-Policy disables camera/mic/geolocation/FLoC.
Content Security Policy Report-Only
CSP currently in Report-Only mode. Allowlist published in CSP header for transparency. Enforce rollout planned post monitoring period.
Cookies & Sessions Hardened
ASP.NET session cookies are Secure; HttpOnly; SameSite=Lax. No third-party advertising cookies. Analytics cookies opt-in where required by jurisdiction.
Data Residency
Default residency: European Union (Germany / Ireland).
Open datasets at /data/* are served from Cloudflare edge globally.
No customer personal data is stored on slavin.ai itself; lead-form submissions are forwarded to SLAtech LTD's CRM (EU residency).
Reporting a Vulnerability
- Email
[email protected]. Encryption optional but supported on request.
- Acknowledgment within 1 business day.
- Initial triage within 5 business days.
- CVE assignment where applicable.
- Optional attribution in our Hall of Fame once fixed.
Independent Endpoints