Security and privacy you can verify

Data protection

We minimize what we collect. The website forwards form submissions to our team by email; it does not store them in a public-facing database. Data handled by our providers is encrypted in transit with TLS and at rest. We do not sell your information and we do not use it to train AI models.

Infrastructure and hosting

visibleseed.com is a statically built site deployed to Cloudflare Pages, served from Cloudflare's global edge with DDoS protection, a CDN, managed TLS, and DNS. Dynamic endpoints run as isolated serverless functions. There is no long-lived application server behind the marketing site, and no customer production data lives on it.

Client applications and services run on reputable cloud infrastructure - primarily Oracle Cloud Infrastructure and Amazon Web Services - which provide physical security, network isolation, and encryption at rest. Our full provider list is on the subprocessors page.

Application security

• Source code is version-controlled in Git with change history and review.
• Continuous integration runs type checks and a production build on every change before it can ship.
• Dependencies are kept current and reviewed for known vulnerabilities.
• Forms use anti-spam controls (honeypots and bot mitigation) and strip control characters from input.
• Secrets are stored as environment variables in the hosting platform, never committed to source control.

Access control

Access to systems that hold client information is granted on a need-to-know basis, protected by multi-factor authentication, and removed promptly when no longer needed. Administrative actions are logged by the underlying platforms.

Privacy and your rights

Our Privacy Policy explains what we collect, why, how long we keep it, and the rights you have, including access, correction, deletion, and portability. EEA/UK residents have GDPR rights; California residents have CCPA/CPRA rights. To exercise any of them, email privacy@visibleseed.com.

Subprocessors

We publish the full, current list of third parties that may process personal data on our behalf, including what each one does and where it operates. See /subprocessors. Active clients can request advance notice of changes.

Incident response and breach notification

If we discover unauthorized access to personal information, we investigate immediately, contain the issue, and notify affected users without undue delay and within the timelines required by applicable law, describing what happened, what data was involved, and what you can do.

Business continuity

Code and configuration are stored in version control and can be redeployed quickly. Hosting runs on a globally distributed platform that tolerates regional failures. Client deliverables and operational records are backed up by the providers that hold them.

Report a vulnerability

We welcome reports from security researchers. If you believe you have found a vulnerability in our website or services, email security@visibleseed.com with steps to reproduce. Please give us a reasonable chance to fix the issue before public disclosure, and do not access or modify data that is not yours. We will acknowledge your report and keep you updated.

Machine-readable contact details are published at /.well-known/security.txt.

Documents available on request

For vendor reviews and procurement, we can provide:

• Security overview / questionnaire responses.
• Data Processing Agreement (DPA).
• Subprocessor list (also published here).
• Certificate of insurance, where applicable.

Request any of these from security@visibleseed.com or hello@visibleseed.com.

Contact

VisibleSeed LLC
3815 Reveille St
Houston, TX 77087, USA
Security: security@visibleseed.com
Privacy: privacy@visibleseed.com
General: hello@visibleseed.com