Security
Our security posture, responsible disclosure process, and certification status.
◉ Note
EPICORTEK is an early-stage company. We are transparent about our current security posture. We do not claim certifications we have not obtained. This page will be updated as our security posture matures.
Certification status
EPICORTEK Technologies Inc. does not currently hold and does not claim any of the following certifications or compliance designations:
- SOC 2 Type I or Type II
- ISO/IEC 27001
- FedRAMP (Authorized, In Process, or Ready)
- CSA STAR
- PCI DSS
- HIPAA certification (not a certifiable standard, but not claimed)
We do not represent that our systems or artifacts are certified, audited, or compliant with any of the above frameworks unless explicitly stated elsewhere with supporting evidence.
Current practices
As an early-stage infrastructure company, we apply the following practices to our work:
- All cryptographic operations in AgIS use well-established algorithms (Ed25519, SHA-256) with no custom cryptography
- AgIS uses no symmetric secrets — all verification is based on public key cryptography
- Public code is hosted on GitHub and subject to open review
- We do not deploy untested code to production systems
- The AgIS reference implementation is alpha — it is not recommended for unreviewed production deployment
- Dependencies are tracked in published package manifests
Responsible disclosure
If you discover a security vulnerability in any EPICORTEK public artifact (AgIS SDK, CLI, or this website), please report it responsibly:
- Email: hello@epicortek.com — subject line:
Security disclosure - GitHub: Open a private security advisory on the relevant repository
We will acknowledge receipt within 5 business days and will work to address confirmed vulnerabilities promptly. We do not currently offer a bug bounty program.
Website security
This site is served as static HTML over HTTPS. We do not run server-side code, databases, or user authentication on this domain. Content Security Policy and other HTTP security headers are configured at the hosting level.
Contact
For security-related inquiries: hello@epicortek.com
Last updated: June 2026.