Security
Last updated 11 March 2026
This page describes the security measures we apply to protect the Guaglio platform and your data. Security is an ongoing process and we continually review and improve our controls.
To report a security concern or vulnerability, contact info@guaglio.co.uk with the subject line "Security".
Infrastructure
- The platform runs on a dedicated server hosted by Hetzner in the EU (Finland)
- The server runs Ubuntu 24 LTS with automated security updates enabled
- PostgreSQL 16 is used for all structured data storage
- HTTPS is enforced on all connections using TLS certificates managed by Let's Encrypt (Certbot), renewed automatically
- The application server (FastAPI with Uvicorn) listens only on localhost and is reverse-proxied through Nginx
Authentication and access control
- Passwords are hashed using bcrypt before storage. Plaintext passwords are never stored or logged
- Authentication uses JWT tokens stored in browser sessionStorage (cleared on tab close)
- Login attempts are logged with IP address and user agent for security monitoring
- Failed login attempts are rate-limited
- Admin endpoints require a separate authentication token and all admin actions are written to an audit log
- Server access is restricted to SSH key authentication only. Password-based SSH is disabled
Data protection
- All data in transit is encrypted using TLS 1.2 or later
- Database connections are local (localhost) and do not traverse the network
- Payment processing is handled entirely by Stripe. We do not store card numbers, CVVs, or other payment card data
- API keys for third-party services (Anthropic, Stripe, Mailjet) are stored in a restricted environment file, not in code
- Questions submitted to Ask GUAGLIO are sent to Anthropic's API over an encrypted connection. Anthropic's data processing terms govern their handling of this data
Application security
- Input validation on all user-facing endpoints
- Parameterised SQL queries throughout (no string concatenation in database queries)
- CORS headers configured to restrict cross-origin access
- Export and access requests are logged in an audit table for accountability
- Dependencies are monitored and updated regularly
Monitoring
- Systemd service monitoring with automatic restart on failure
- Scheduled jobs (scraper, digest, update checker) run under systemd timers with logging via journalctl
- Nginx access and error logs retained for operational monitoring
- Database connection pooling with health checks
Backups
- Database backups are performed regularly
- Backup integrity is verified periodically
- The obligation register source files (Excel workbooks) are maintained as versioned master copies separate from the database
Incident response
In the event of a suspected security incident affecting customer data, we will:
- Investigate promptly to determine the scope and impact
- Take immediate steps to contain and remediate the incident
- Notify affected customers without undue delay where the incident is likely to pose a risk to their rights
- Report to the ICO within 72 hours where required by UK GDPR Article 33
- Document lessons learned and implement improvements
Responsible disclosure
If you discover a security vulnerability in the Guaglio platform, we ask that you report it responsibly by contacting info@guaglio.co.uk. Please allow us reasonable time to investigate and address the issue before disclosing it publicly.