Security

Last updated · April 17, 2026

This page describes how versatexanalytics.com (the “Site”) is built and operated with respect to security, and how to report a vulnerability. Because the Site is a capability showcase over synthetic data rather than a live analytics product, its threat model is narrower than that of the Versatex Analytics platform itself — and that shapes the controls below.

1. Architecture

The Site is a fully static build. Every page is generated at build time and served as pre-rendered HTML, CSS, and client-side JavaScript. There is no application server, no database, no session store, and no runtime API surface under our control. This eliminates entire classes of server-side risk at the infrastructure layer.

The only data paths that leave the browser are:

  • Contact-form submissions, posted directly to a third-party form vendor endpoint.
  • Aggregate analytics beacons sent to Google Analytics 4, only after explicit consent.
  • Client-side error reports sent to Sentry, only after explicit consent.

2. Data handled on this Site

The datasets rendered in every analytics visualization on the Site are synthetic. They are not derived from any real organization, do not contain personally identifying information, and are not protected health information. The Site does not store, transmit, or display live customer procurement data.

The only personal information we receive is what you voluntarily submit through the contact form at /get-started. Handling of that information is described in our Privacy Policy.

3. Transport and content security

All traffic is served over HTTPS with TLS provisioned and renewed automatically by Cloudflare. HTTP requests are redirected to HTTPS at the edge. We apply a restrictive Content Security Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Strict-Transport-Security at the CDN layer.

The Site does not execute third-party scripts prior to consent. Analytics and error-monitoring scripts are injected client-side after an explicit consent signal from the cookie-consent platform.

4. Abuse and bot protection

The contact form includes a hidden honeypot field that filters automated bot submissions before they reach the form endpoint. The Cloudflare Web Application Firewall provides additional bot management, rate limiting, and basic abuse protection in front of the Site.

5. HIPAA and regulated data

This Site is not designed for or intended to process protected health information (PHI). The Versatex Analytics platform supports HIPAA-compliant deployments for customer engagements; this demonstration site processes only synthetic data. Do not submit PHI, regulated financial data, or other sensitive information through the contact form or any other page of this Site.

6. Dependencies and build integrity

The Site is built from a version-controlled repository with pinned dependencies. Continuous integration enforces type checking, linting, unit and end-to-end tests, accessibility checks against WCAG 2.1 AA, and per-route bundle-size budgets on every pull request before a build is eligible for deployment.

7. Responsible disclosure

If you believe you have discovered a security vulnerability affecting this Site, please report it privately to [email protected]. We ask that you:

  • Provide sufficient detail to reproduce the issue (URLs, steps, expected vs. observed behavior).
  • Give us reasonable time to investigate and remediate before any public disclosure.
  • Avoid destructive testing, denial-of-service testing, or actions that could degrade service for others.
  • Do not access, modify, or exfiltrate any information beyond what is necessary to demonstrate the vulnerability.

We will acknowledge your report within a reasonable timeframe, keep you informed of remediation progress, and credit your disclosure if you wish.

8. Scope of this page

The controls described above apply to versatexanalytics.com. Security posture for the Versatex Analytics platform itself, including customer deployments, is described separately under each engagement's data-processing and security documentation.