SECURITY
POLICY

1. OVERVIEW

SAPIEN X is committed to maintaining the highest standards of security across its platform, data, and client deliverables. This Security Policy outlines the technical and organizational measures we implement to protect our systems, our clients' information, and the integrity of our intelligence products.

Given the sensitive nature of our work — serving defense contractors, surveillance organizations, and government agencies — security is not a feature but a foundational operating principle.

2. PLATFORM SECURITY

The SAPIEN X website and client-facing platform implement the following technical security measures:

• End-to-end encryption enforced on all pages and data transmissions
• Advanced HTTP security controls and browser-level protection policies
• Traffic filtering and blocking of malicious requests at the network level
• Protection against brute force and denial-of-service attacks
• All unencrypted requests are automatically redirected to secure connections
• No public exposure of internal infrastructure, technology stack, or server details

3. FORM & DATA SUBMISSION SECURITY

All briefing requests submitted through our platform are protected by multiple layers of technical and server-side security measures designed to prevent abuse, spam, and unauthorized submissions. Input validation is enforced on all fields prior to processing. No sensitive data is stored client-side.

4. DELIVERABLE SECURITY

Intelligence reports and synthetic datasets delivered to clients are protected through the following measures:

• All intelligence reports bear the marking "SAPIEN X CONFIDENTIAL" in their header and are transmitted via secure, encrypted channels only
• Synthetic datasets are protected by proprietary technical measures designed to enable origin tracing and leak detection — the specific nature of these measures is classified
• Each client delivery is uniquely identifiable, enabling forensic investigation in the event of unauthorized distribution
• Clients are contractually bound to confidentiality obligations upon receipt of any SAPIEN X deliverable

5. ACCESS CONTROL

Access to SAPIEN X systems, data, and client deliverables is strictly controlled:

• Access to submitted briefing requests is restricted to authorized SAPIEN X personnel only
• Internal systems operate on a need-to-know basis — no employee has unrestricted access to all client data
• All internal access is logged and monitored
• Third-party access is limited to designated subprocessors operating under contractual data protection obligations

6. INCIDENT RESPONSE

In the event of a confirmed security incident affecting client data, SAPIEN X commits to the following response protocol:

• Immediate containment and investigation upon detection of a breach
• Notification of affected clients within 72 hours of confirmed breach discovery, in accordance with GDPR Article 33 and applicable data protection regulations
• Full incident report provided to affected parties detailing the nature, scope, and remediation of the breach
• Cooperation with relevant data protection authorities as required by law

7. VULNERABILITY DISCLOSURE

SAPIEN X does not currently operate a public bug bounty program. However, we welcome responsible disclosure of security vulnerabilities from security researchers and clients.

If you have identified a potential security vulnerability in our platform, please report it directly and confidentially to our security team. We commit to acknowledging all reports within 5 business days and to addressing confirmed vulnerabilities in a timely manner.

8. POLICY UPDATES

This Security Policy is reviewed and updated regularly to reflect changes in our technical infrastructure, threat landscape, and regulatory requirements. The "Last updated" date at the top of this page reflects the most recent revision.