Security
Security overview
Effective 27 April 2026
Security contact
Azizbek Khaydarov is the named contact for information-security questions and reports. As a single-principal practice, all security responsibility rests with the principal. Write to support@akhaydarov.com — the inbox is monitored daily and reports are acknowledged within two business days.
Scope
This overview describes the information-security measures the practice maintains for akhaydarov.com and for any client-facing systems used to collect, process, or store client information, including project briefs, drawings, contracts, and payment details.
Encryption in transit
All connections to akhaydarov.com are served over HTTPS with TLS 1.3 (TLS 1.2 fallback) at the edge by Cloudflare. Plain HTTP requests are upgraded to HTTPS automatically. HSTS is enabled. Email between the practice and clients is delivered over TLS where supported by the recipient mail server.
Authentication
Critical systems. All systems used to store or process client information — email, document storage, accounting, contract signing, and any payment processor — are protected with multi-factor authentication on the principal’s account. Account recovery uses a hardware security key where the platform supports it.
Public site. akhaydarov.com is a marketing surface and does not have user accounts; there is no client-facing authentication on this domain.
Data minimization
The practice collects only the information needed to respond to inquiries and operate the website. The full Privacy notice describes what is collected, how it is used, and how to request deletion.
Third-party processors
Inquiry email is relayed through Resend (a transactional email provider) and routed to a managed Fastmail inbox. Both providers process the message strictly to deliver it. Where payments are accepted, processing is performed by an established processor that meets PCI DSS requirements; the practice does not directly handle credit-card data.
Access and device hygiene
Devices used to access client information run current operating systems with full-disk encryption enabled, automatic security updates, screen-lock timeouts, and a password manager for unique per-site credentials. Backups of contractual and project data are encrypted at rest.
Incident response
On a suspected security incident, the principal will investigate, take reasonable steps to contain the incident, preserve relevant evidence, and notify affected parties and regulators as required by applicable law. Material incidents will be communicated directly to clients whose information may be involved.
Reporting a vulnerability
Researchers and others who identify a security issue with this site or with any system the practice operates are encouraged to write to support@akhaydarov.com. Reports are acknowledged within five business days. Good-faith research that respects user privacy and avoids service disruption is welcomed.
Changes
This overview will be updated as the practice’s systems and processes evolve. The effective date above will reflect the most recent revision.