These documents apply to armorbullet.host and related Armorbullet Host services. They are provided for transparency and operational clarity. For binding advice in your jurisdiction, consult a qualified professional.
1. Overview
We design systems with defense-in-depth: least privilege access, encryption in transit, monitoring, and operational controls. Security is shared: we secure the platform; you secure your applications, code, and credentials.
2. Platform controls
- TLS for web traffic where certificates are configured.
- Password hashing for customer and admin accounts.
- Session protections (e.g. CSRF tokens on forms).
- Role separation between public site, customer panel, and admin tools.
- Logging of security-relevant events for investigation.
3. Customer responsibilities
- Strong unique passwords and careful API/key handling.
- Timely updates of CMS, plugins, themes, and custom code.
- Secure file permissions and review of third-party scripts.
- Backup of critical data beyond any platform backups.
4. Vulnerability reports
If you believe you found a security issue in our platform (not a customer website), email security@armorbullet.host with steps to reproduce. Please do not publicly disclose until we have had a reasonable chance to remediate. Do not access other customers’ data.
5. Incident response
We investigate incidents affecting our systems and will notify affected customers when legally required or when transparency is appropriate. Customer-site compromises remain primarily the account owner’s responsibility; we may assist with isolation when abuse is detected.