Top line

Security at Clussie

FIDO2‑only login. EU/SE data residency. SCC/DPF for transfers where applicable.

Login: WebAuthn/FIDO2 only (no passwords). Admins: two YubiKeys + offline break‑glass.
Evidence: Signed Evidence Packages with hashes and timestamps.
Edge: WAF/rate‑limits, bot defence (Turnstile), least privilege.
Compliance: DPA/SCC, Annex TOMs, Sub‑processors list.

Report a vulnerability

Email security@clussie.com. Encrypt with our PGP key.

PGP fingerprint: TBD‑FINGERPRINT

PGP public key: /pgp.txt

security.txt: /.well-known/security.txt

Processor: Philip Devéus ("Clussie", sole trader). Address: Herkulesgatan 16, SE‑111 52 Stockholm, Sweden. Supervisory authority: IMY (Sweden).