Security questionnaire stubs

Caveat emptor: This page is shorthand for spreadsheets — HostStack publishes public artefacts (SLA, privacy, subprocessors). A specific SOC 2 Type II assertion requires a mutually executed auditor report unless marketing states otherwise separately.

Do you encrypt data in transit?

HTTPS for customer-visible surfaces; KVM tenants manage their own intra-VM encryption unless negotiated otherwise.

Incident notification cadence?

Operational visibility on status; contractual breach posture under privacy / GDPR adjunct.

Backups?

Marketing baseline described on SLA — retention varies by SKU; advise customers retain offsite artefacts.

Vulnerability reporting?

Coordinated disclosure plus /.well-known/security.txt.