Security

The site is served over HTTPS (TLS). Hosting and CDN are provided by Vercel Inc. — see our subprocessors list.

Fonts are self-hosted from npm packages — we do not load Google Fonts from CDN to avoid unnecessary IP transfers to Google.

Third-party scripts are limited to Google Analytics, loaded only after cookie consent (Google Consent Mode v2, default denied).

Internal system access (repository, hosting, MailerLite, analytics) follows least privilege and identity verification.

Production API keys and credentials are never exposed in client code or public repositories.

Waitlist operational logs mask email addresses in stdout (first character + domain).

Waitlist signup requires explicit consent (checkbox) with a link to the privacy policy.

We record consent text version, timestamp, page locale, and pass metadata to MailerLite (including IP and user-agent).

After signup the address is added directly to the MailerLite mailing list (single opt-in). Users can withdraw consent anytime via the unsubscribe link in emails.

At launch we plan: encryption in transit, customer data isolation (multi-tenant), backups, campaign audit logs, and suppression lists (opt-out).

B2B customers will receive a DPA and subprocessors list before production use.

Vulnerability and security incident reports: hello@propersend.pl (subject: Security).

Privacy and data subject requests: privacy@propersend.pl.

Personal data breaches are handled per GDPR Art. 33–34 (UODO notification within 72 hours when required, and data subjects when high risk).

B2B customers as controllers will be notified per the DPA (target: 48 hours from awareness).

Full compliance documentation in our Trust Center:

• Trust Center — /centrum-zaufania
• Privacy Policy — /polityka-prywatnosci
• Subprocessors — /subprocesorzy
• Data Processing Agreement — /umowa-powierzenia
• Cookie Policy — /polityka-cookies