Trust, security & privacy

Administrative access to the Lab is restricted to named accounts and protected by Google single sign-on. Role-based access controls limit who can publish, edit, or delete resources. Public visitors do not need an account to browse published content.

The Lab does not collect sensitive personal information from public visitors beyond standard web analytics. Any data submitted through forms is transmitted over TLS and stored in a managed Postgres database with row-level security policies enforced at the database layer.

The site is hosted on globally distributed edge infrastructure with automatic TLS, DDoS protection, and continuous platform patching provided by our hosting partner. Backend services and the database are operated by a managed cloud provider with encryption at rest and in transit.

Articles, guides, and downloadable attachments published in the Lab are intended to be public. Links to attachments are designed to be shareable; do not upload confidential documents to the Lab unless you intend them to be publicly accessible.

We use privacy-respecting analytics to understand how the Lab is used and to improve content. We do not sell visitor data. For questions about your data or to make a privacy request, contact us using the details on our About page.

If you believe you have found a security vulnerability, please contact us privately before public disclosure so we can investigate and remediate. We appreciate responsible disclosure and will respond as quickly as we can.