Services

Security & best practices

Technical audits, Cloudflare hardening, GDPR compliance and best practices end to end, for real, verifiable security.

Security from end to end

Secure by default

Security is thought through from the architecture stage, not bolted on once the site is live. Strict HTTP headers, Cloudflare hardening, anti-DDoS protection and access control are part of every project's foundations, from the start.

The perimeter doesn't stop at the site itself. Workstation, everyday tools, password management and encryption of sensitive data matter just as much, because the attack surface goes well beyond the web page.

Compliant for your sector

When you start a business, you often don't realise there are rules to follow on personal data, cookies and privacy. And they change with your line of work, whether it's e-commerce, healthcare or client management.

We go over what actually applies to you, then put in place what's needed on the technical side, from limited data collection to controlled cookies. A clean base, respectful of your visitors and free of needless jargon.

Proof, not promises

Rather than claiming everything is secure, we show it. A concrete defensive audit identifies the real flaws, ranks them by risk level and proposes clear fixes, costed and backed by their expected impact.

Beyond the audit, we bring a high-level technical eye to your stack, on the tools to favour, the architecture to avoid and the dependencies to watch. The right decisions are made before the problem, not after.

The tools we use

The tools we use day to day, chosen for their reliability and performance.

Apple Apple

Apple

Apple devices and environments, controlled and hardened.

Visit site
Bitwarden Bitwarden

Bitwarden

Open-source password manager, end-to-end encrypted.

Visit site
ClamAV ClamAV

ClamAV

Open-source antivirus to scan files and servers.

Visit site
Cloudflare Cloudflare

Cloudflare

WAF, anti-DDoS, DNS/SSL hardening and edge protection.

Visit site
Crowdsec Crowdsec

Crowdsec

Collaborative detection and blocking of malicious behaviour.

Visit site
Cryptomator Cryptomator

Cryptomator

Transparent file encryption before upload to the cloud.

Visit site
Docker Docker

Docker

Isolation and reproducibility of environments.

Visit site
Fail2ban Fail2ban

Fail2ban

Automatic IP banning after suspicious attempts.

Visit site
GitLab GitLab

GitLab

Code management, versioning and continuous integration.

Visit site
GnuPG GnuPG

GnuPG

Encryption and signing of data and communications.

Visit site
Linux Linux

Linux

Hardened servers and controlled environments.

Visit site
LuLu LuLu

LuLu

Open-source outbound firewall for macOS.

Visit site
Proton Proton

Proton

Privacy-first suite: encrypted mail, VPN and storage.

Visit site
Uptime Kuma Uptime Kuma

Uptime Kuma

Uptime monitoring, open-source and self-hosted.

Visit site

Let's give your project a clear direction.

A conversation to frame the goals, the deliverables, the budget and the launch.