1. Security Overview

Punisher is designed to protect customer data and credentials. We implement the highest security security controls, including encryption, protected credentials, and least-privilege access.

2. Encryption

• In transit: data is protected using TLS where applicable.
• At rest: stored data is encrypted where supported by underlying infrastructure.

3. Credentials & Secrets

We use protected authentication flows and do not expose access tokens.

4. Minimal Data & Retention

We aim to store the minimum amount of data necessary to provide the Service. Retention and deletion practices are described in the Privacy Policy and (where applicable) the Data Processing Addendum.

5. Responsible Disclosure

If you believe you have found a security vulnerability, please report it responsibly to: [email protected]. Please include steps to reproduce, impact, and any relevant logs.

7. Operator & Contact

Operator: PunisherLabsES (V. B. Badiuc). Address: Spain, Málaga, San Andrés 5.

For any questions (support, legal, privacy, security, billing): [email protected]

6. Status & Incident Communication

If a material security incident occurs, we will communicate in accordance with applicable law and contractual obligations.