Trust & Security

We hold ourselves to the same grade we give you.

We scan ourselves

kalasec.com runs through our own free scanner, and we fix what it finds. A security company that won't harden its own site has no business grading yours.

Target: Grade A

A recent self-scan surfaced 4 missing HTTP security headers (HSTS · CSP · X-Frame-Options · Permissions-Policy). Fixed via a Cloudflare _headers policy; we re-scan on each deploy.

How we handle your scan data

A free scan reads only publicly visible information about your site — certificate, headers, DNS, public pages — the same data any visitor's browser sees. No login, no intrusion.
Free scans are computed on our own server: your URL is not sent to any third-party AI on a free scan.
We do not sell your data. Aggregate, anonymised patterns may improve detection (see Privacy).

Our stack, stated openly

We name the tools we run rather than hide them — Python ssl, DNS, security-header inspection and tech fingerprinting on the free tier; deeper active testing and Claude-written reports on paid. The orchestration and verification are ours.

Responsible disclosure

Found a security issue in Kalasec itself? Email [email protected] — we respond quickly and will credit you if you'd like.

No security assessment — ours included — can guarantee a site is unbreakable. We report what we find and show you how to fix it.