Last updated: March 3, 2026
We take the security of our website and your data seriously. Here's an overview of how we keep things secure.
All traffic between your browser and agenticaifirst.com is encrypted using TLS (HTTPS). Our TLS certificate is issued by Let's Encrypt and auto-renews every 90 days. We enforce HTTPS exclusively — HTTP requests are redirected automatically.
Our website is a fully static export hosted on GitHub Pages. There are no server-side processes, no database connections, and no dynamic code execution on our servers. This significantly reduces the attack surface compared to traditional web applications.
Access to our GitHub repository and deployment pipeline is protected by two-factor authentication (2FA). Only authorised team members can push code or trigger deployments. Branch protection rules prevent direct pushes to the main branch.
Our site is deployed automatically via GitHub Actions on every push to the master branch. The deployment pipeline uses scoped tokens with the minimum permissions required. No secrets or credentials are stored in the repository.
We regularly review and update third-party dependencies to address known vulnerabilities. We use npm's audit tooling to detect vulnerable packages and prioritise patching.
As a static website, we do not operate our own databases or backend servers. Personal data you submit through our forms (name, email, message) is processed and stored by Formspree — not by us directly.
Analytics data collected via Google Analytics is anonymised and aggregated. We have enabled IP anonymisation to prevent full IP addresses from being stored.
We do not store payment card data, government ID information, or any sensitive personal data. If you engage us for services, any data exchanged as part of that engagement is handled under the terms of our separate service agreement and applicable data protection law.
We rely on the following trusted providers. Each maintains its own security programme:
Hosts our static website. GitHub maintains comprehensive physical and network security for its infrastructure. See the GitHub Security overview for details.
Processes our contact and newsletter form submissions. Formspree encrypts data in transit and at rest. See Formspree's security documentation for details.
Collects anonymised usage data. Google Analytics infrastructure is operated and maintained by Google LLC under their comprehensive security programme.
Issues and auto-renews our TLS certificate. Let's Encrypt is a free, automated, and open Certificate Authority run by the Internet Security Research Group (ISRG).
We welcome and appreciate the security research community's efforts to improve the security of our website and services. If you believe you have found a security vulnerability in our site, please report it to us responsibly.
We will acknowledge your report within 5 business days and keep you informed of our progress. We do not currently offer a bug bounty programme, but we will credit researchers who responsibly disclose valid vulnerabilities (if they wish to be credited).
If you have questions about our security practices or need to report a vulnerability, please contact us directly.
Contact Us →