Privacy by design
We aim to keep this site lightweight, reduce unnecessary data collection, and separate optional tools from core site functionality.
Security Overview
Security & Data Protection
Overview of the safeguards, operating principles, and provider controls that support the public SpeakUp website.
Last updated: March 30, 2026
Access control
Administrative access is limited to authorized team members and provider dashboards needed to run the site.
Vendor boundaries
Analytics, maps, and form delivery are handled by separate providers with distinct privacy and security responsibilities.
Incident response
If we become aware of a material issue affecting this site or its processors, we review scope, contain impact, and communicate as required.
SpeakUp Trust Portal
Privacy, security, vendors, and review materials in one place
Find the key public trust documents, follow-up review materials, and the right next step without bouncing between separate policy pages.
Core documents
01
Scope of this page
This page describes the public website, its browser-side behavior, and the providers involved in delivering it. It is intended to provide a factual overview of site-level safeguards and does not replace customer contracts, audit reports, or internal security policies.
02
Operating principles
- Collect as little personal data as practical on the public website.
- Use specialized providers only for specific, documented purposes such as analytics, contact routing, or map embeds.
- Review processors and remove tools that no longer provide clear value.
- Favor transparency so legal pages match the actual implementation.
03
Assurance and compliance context
This page is intended as a public trust overview for the SpeakUp website. Public trust statements should be read together with the actual scope of the relevant controls, certifications, contractual commitments, and service boundaries, including GDPR-oriented controls and, where relevant to scope, ISO 27001, SOC 2 Type II, PCI DSS, and HIPAA-related safeguards.
Public trust marks should correspond to controls, audits, or regulatory commitments that are actually applicable to SpeakUp or to the specific in-scope environment.
Where assurance materials are shared, they should be described with the correct scope, report type, and limitations instead of as blanket claims.
Third-party provider certifications do not automatically mean the entire SpeakUp service is certified to the same standard.
04
Technical safeguards
- Public production delivery uses HTTPS together with browser-side protections provided by the hosting and CDN stack.
- The site uses session-based recovery logic to reduce broken frontend states after failed chunk loads.
- Analytics is configured with IP anonymization enabled in the current website implementation.
05
Organizational safeguards
- Provider access is limited to team members with a business need.
- Contact requests are shared internally on a need-to-know basis.
- Legal, privacy, and vendor documentation is reviewed when adding new third-party services to the site.
06
Scope boundaries
- This page describes the public website, its browser-side behavior, and the public-facing processors it currently relies on.
- Detailed certificates, reports, questionnaires, or customer-facing assurance documents may have separate scopes, contractual conditions, and distribution controls.
07
Reporting a security concern
If you believe you found a vulnerability or a data protection issue affecting this site, please contact us with a clear description, the affected page or flow, and reproduction steps if available.
Please do not include unnecessary personal data in your report and avoid destructive testing.
A machine-readable disclosure contact is also available at /.well-known/security.txt.
08
Security contact
Use the address below for questions or reports relating to website security, privacy, or responsible disclosure.
Security contact
contact@speak-up.proTrust Workflow
Need a structured package for legal, privacy, or security review?
Use the Trust Package path when your team needs the next layer beyond the public trust pages.