Trust

Security

Last updated 12 July 2026

Scoring stays on the server

The scoring engine, its weights and its polarities never ship to the browser. A client device sends raw interactions; everything that turns behaviour into a score runs server-side. This protects both the integrity of the measurement (a client cannot game what they cannot see) and the intellectual property of the engine.

Assessment links

Assessment invitations are single-use tokens, stored only as SHA-256 hashes. A link works once, can be revoked and reissued by the adviser, and assessment pages are sent with headers that forbid indexing and shared caching. Clients never need an account or a password.

Tenant isolation

The platform is multi-tenant with row-level security in the database, and every query and mutation is additionally scoped to the firm on the server. One firm cannot read another’s clients, assessments or records. Unauthenticated clients touch the database only through two narrow token-authorised functions; they have no table access at all.

Sealed, reconstructable records

Every completed sitting stores its raw inputs, the engine version that scored it, the full output and a SHA-256 seal over the result. Adviser overrides are recorded with who, when and why. Any figure in any report can be traced back to the inputs that produced it.

Transport and platform

All traffic is served over TLS. Responses carry hardening headers including X-Content-Type-Options, Referrer-Policy, frame restrictions and a Permissions-Policy that disables camera, microphone and geolocation. Secrets live in server environment configuration and are never sent to the browser.

Reporting a concern

If you believe you have found a vulnerability, please report it through the contact page and we will respond promptly.