Security is built into how we operate. Short, specific, and relevant to helloMachine.
Architecture & Data Flow
- Transport: All web traffic is served over HTTPS/TLS.
- Payments: Card data handled by Stripe; we never store full card numbers.
- Generator: You submit a website URL and email. We analyze public pages and produce a draft llms.txt. We host a copy and email a download link.
- Subscriptions/Consulting: Materials you share are used solely to deliver your project. Customer data is segmented with least‑privilege access.
Data Security Controls
- Access controls: MFA for staff accounts, role‑based permissions, and audit trails on production systems.
- Secrets management: Environment‑scoped secrets; rotation on change; no secrets in source control.
- Backups & recovery: Automated backups with periodic recovery tests for core data stores.
- Hardening: Principle of least privilege, egress restrictions where applicable, dependency monitoring.
- Logging & monitoring: Centralized logs, anomaly alerts, and rate‑limits to reduce abuse.
AI & Model Providers
When we use third‑party model APIs to transform text, they act as processors under our instructions. We don’t use your materials to train public models. Outputs are probabilistic; human review is required.
Vulnerability Disclosure
If you believe you’ve found a security issue, email legal@hellomachine.agency with details and steps to reproduce. We’ll acknowledge, triage, remediate, and keep you informed. Please avoid public disclosure for a reasonable time while we fix the issue. Do not test against live payment flows or attack other customers.
Incident Response
- Immediate investigation of alerts; contain, eradicate, recover per runbooks.
- Notice to affected customers without undue delay if a breach of personal data is likely to pose a risk, consistent with applicable law.
Enterprise Options
- SSO, role‑based access, audit logs for enterprise plans.
- Security reviews and a Data Processing Agreement (DPA) available on request.
Questions
See below.