Trust is built, not claimed.
WhiskerMatch handles sensitive records about living animals and the people who care for them. Security is treated as a public surface — not an internal checkbox.
Small attack surface by design.
During early pilot onboarding, the site is a static marketing site with no API routes and no server-side database. Inquiries are handled through direct email — there is no backend that receives or stores visitor data. This meaningfully reduces the attack surface compared to a platform with live API endpoints.
TLS in transit
All traffic is served over HTTPS. Our hosting provider (Vercel) enforces TLS and manages certificate renewal automatically.
Secure headers
Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy are enforced on all routes.
No API routes, no inquiry backend
There are no API endpoints on this site that receive or persist visitor data. Contact and request-access workflows open the visitor's own mail client — nothing is transmitted to the site.
Static hosting
The site is hosted on Vercel's edge network. No application server, no database, no session management at this stage.
Organizations own their records. We do not override that.
When the WhiskerMatch platform launches, shelter and rescue data will belong to the organization. WhiskerMatch will not sell, rent, or repurpose organizational records for advertising or analytics beyond operational product improvement. These principles are stated here so they can be held to account.
Organization-owned data
Shelters and rescues will retain authority over their records, public fields, and data destination. The platform will not override that authority.
Clear retention policies
Data retention periods will be documented and enforced when the platform launches. See our data retention page for current policy on correspondence.
No ad targeting
Adopter household profiles and shelter records will not be sold, rented, or fed into marketing or ad graphs.
Subprocessor transparency
We list every service that touches data — hosting, email — with plain-language descriptions of what each does.
See something? Say something.
If you discover a security issue, we want to know. Our vulnerability disclosure policy provides a safe harbor for responsible research. Report to founders@veldarium.com with a description, steps to reproduce, and the potential impact.
Questions about our security posture?
We treat security as a conversation, not a document. If you have questions or need specifics for your organization's review, get in touch.
