§ Legal · Security
Security
Last updated · June 14, 2026
We're building Metivate to be trusted with a brand's voice, so we take security seriously from day one - even while the only data we hold is a waitlist email. Here's how we handle it today.
Data in transit
This site is served over HTTPS, and waitlist emails are delivered to us over an encrypted (TLS) connection. Your submission is not sent in the clear.
Minimal collection
The best way to protect data is not to collect it. At this stage we store only the email you give us - no passwords, no payment information, no sensitive personal data.
Secrets & access
- Credentials and API keys are stored as environment secrets, never committed to source control.
- Access to signup data is limited to the people who need it to operate the waitlist.
- We rely on reputable hosting and email providers that maintain their own security programs.
Responsible disclosure
If you find a vulnerability or something that looks wrong, we want to hear about it. Email security@metivate.com with the details and steps to reproduce. Please give us a reasonable chance to fix it before sharing it publicly, and don't access or modify data that isn't yours. We appreciate the help.
As we grow
When the product launches and starts handling real account and content data, this page will expand to cover authentication, encryption at rest, and our operational practices.
