Legal & company

Security policy

How we approach information security for Armorbullet Host platforms and customer environments.

Last updated: July 10, 2026

These documents apply to armorbullet.host and related Armorbullet Host services. They are provided for transparency and operational clarity. For binding advice in your jurisdiction, consult a qualified professional.

1. Overview

We design systems with defense-in-depth: least privilege access, encryption in transit, monitoring, and operational controls. Security is shared: we secure the platform; you secure your applications, code, and credentials.

2. Platform controls

  • TLS for web traffic where certificates are configured.
  • Password hashing for customer and admin accounts.
  • Session protections (e.g. CSRF tokens on forms).
  • Role separation between public site, customer panel, and admin tools.
  • Logging of security-relevant events for investigation.

3. Customer responsibilities

  • Strong unique passwords and careful API/key handling.
  • Timely updates of CMS, plugins, themes, and custom code.
  • Secure file permissions and review of third-party scripts.
  • Backup of critical data beyond any platform backups.

4. Vulnerability reports

If you believe you found a security issue in our platform (not a customer website), email security@armorbullet.host with steps to reproduce. Please do not publicly disclose until we have had a reasonable chance to remediate. Do not access other customers’ data.

5. Incident response

We investigate incidents affecting our systems and will notify affected customers when legally required or when transparency is appropriate. Customer-site compromises remain primarily the account owner’s responsibility; we may assist with isolation when abuse is detected.

Questions? Contact us or email legal@armorbullet.host