Security
Civil Memory treats security, privacy, archive integrity, and careful disclosure as part of its public-interest responsibility.
Last Updated: May 8, 2026
Security Posture
Public, private, and administrative surfaces should remain separated.
Sensitive operations should use least privilege, explicit authorization, logging where appropriate, and reviewable workflows.
TLS should be used for public web traffic. Secrets should remain server-side or in appropriate secure stores, not public frontend code.
Backups, monitoring, diagnostics, and recovery records may be used where appropriate.
Responsible Disclosure
Send security reports privately to [email protected] with enough detail to reproduce the issue.
Do not send passwords, private keys, credentials, PHI, regulated records, exploit payloads, or highly sensitive records through general forms.