1. Overview
Pourtek recognizes that security is essential to maintaining trust with customers, partners, prospects, and website visitors. We use a defense-in-depth approach that combines secure infrastructure, encrypted communications, access controls, monitoring, validation, and trusted service providers.
Security practices evolve over time. We review and improve our controls as our website, products, infrastructure, integrations, and business needs change.
2. Website and Infrastructure Security
Our website is designed to use modern hosting, network, and transport protections. Depending on the service or environment, safeguards may include:
- HTTPS and TLS encryption for data transmitted between browsers and our website.
- Cloudflare security, traffic filtering, performance, and network-protection services.
- Firewall rules and restricted network exposure for infrastructure components.
- Secure configuration practices for hosting, containers, applications, and supporting services.
- Routine software updates and security patches where reasonably practicable.
- Logging and monitoring intended to help identify technical issues, abuse, and suspicious activity.
3. Application and Form Security
We design website forms and application endpoints to reduce common security and abuse risks. Relevant protections may include:
- Server-side validation of submitted information.
- Cloudflare Turnstile or similar bot-detection and abuse-prevention controls.
- Restrictions on accepted input, request methods, and content types.
- Rate limiting, traffic filtering, or request controls where appropriate.
- Separation of public website functionality from private credentials and server-side secrets.
- Error handling intended to avoid exposing sensitive implementation details.
Website visitors should not submit passwords, payment card details, government identification numbers, or other highly sensitive information through general contact forms unless a form expressly requests that information and is designed for that purpose.
4. Data Protection
We apply reasonable safeguards to protect information collected through the website against unauthorized access, alteration, disclosure, loss, or misuse. These safeguards may include encryption in transit, restricted access, secure credentials, environment-variable management, and retention practices appropriate to the information and business purpose.
We seek to collect only information reasonably relevant to the requested interaction, such as responding to an inquiry, booking a demonstration, preparing a proposal, evaluating a project, or supporting a business relationship.
No security method is perfect, and no system can be guaranteed to be completely secure. We therefore cannot warrant that unauthorized access, disclosure, alteration, or loss will never occur.
5. Access Controls and Credential Management
Access to administrative systems, infrastructure, and service-provider accounts is limited to authorized personnel and providers with a business need. Depending on the system, controls may include:
- Role-based or least-privilege access.
- Unique user accounts and controlled administrative permissions.
- Multi-factor authentication where supported and appropriate.
- Protected API keys, secrets, and environment configuration.
- Revocation or modification of access when responsibilities change.
6. Third-Party Service Providers
Pourtek relies on selected third-party providers to support website security, communications, hosting, and embedded services. These providers operate their own systems and maintain their own security and privacy practices.
Cloudflare
Supports website performance, network security, traffic filtering, and Turnstile bot verification.
Resend
Supports transactional delivery of website inquiry and contact-form email.
APPROVE
Operates the financing application embedded on or linked from the Pourtek website. Financing information submitted through that application is handled by APPROVE and its financing partners under their own practices.
We evaluate providers based on business need and available information, but we do not control every aspect of a third party’s systems or operations.
7. Availability, Backups, and Resilience
We use reasonable measures intended to support website availability and recoverability. Depending on the service, these measures may include backups, infrastructure monitoring, containerized deployment, documented configuration, redundancy provided by hosting or network vendors, and recovery procedures.
Website availability may still be affected by maintenance, software defects, provider outages, internet conditions, attacks, force-majeure events, or other circumstances beyond our control.
8. Customer and User Responsibilities
Security is a shared responsibility. Customers, users, and partners should:
- Use strong, unique passwords for any accounts associated with Pourtek products or services.
- Enable multi-factor authentication where available.
- Protect devices, networks, email accounts, credentials, and physical access.
- Install operating-system, browser, and application updates promptly.
- Restrict administrative access to authorized personnel.
- Notify Pourtek promptly of suspected unauthorized access, compromised credentials, or security incidents that may affect Pourtek systems or services.
9. Responsible Disclosure
We welcome good-faith reports of suspected vulnerabilities affecting the Pourtek website or related services. Please provide enough information for us to understand and reproduce the issue, including the affected page or service, steps to reproduce, potential impact, and any supporting screenshots or technical details.
When conducting security research, do not access, modify, retain, disclose, or destroy data that does not belong to you; disrupt service availability; use social engineering; perform denial-of-service testing; deploy malware; or attempt to compromise third-party systems.
We ask that you allow a reasonable period for investigation and remediation before publicly disclosing a reported issue.
10. Scope and Limitations
This page is provided for general informational purposes and does not create a warranty, service-level agreement, contractual commitment, certification, representation of regulatory compliance, or obligation beyond those stated in an applicable written agreement.
Security practices may differ among the Pourtek marketing website, customer deployments, mobile applications, integrations, hosted services, on-premises systems, and third-party products. Customers with specific security, privacy, compliance, architecture, or procurement requirements should contact Pourtek for information relevant to their proposed solution.
11. Contact Us
To report a suspected security issue or ask a security-related question, contact:
Review Pourtek's website policies or send our team a legal question.