🔐 Trust portal

Trust & Security

slavin.pro is Emil Slavin's personal professional platform - IT strategy, architecture, AI consulting. This page documents how we handle security disclosure, privacy, observability, and data residency for the property.

RFC 9116: Security.txt
GDPR: EU Residency
24h: Disclosure ACK
HSTS 1y: + Preload

At-a-glance

🛡️ Security Disclosure Active

RFC 9116 security.txt at /.well-known/security.txt. Coordinated disclosure to [email protected].

📡 Observability Active

Sentry browser SDK Loader Script with BrowserSession + BrowserTracing + Replay integrations on every page. Event routing to slatech-sites project.

🇪🇺 GDPR Compliant

Lead-form data retained 24 months unless contracted otherwise. No third-party advertising trackers on lead-capture pages. Analytics: Google Analytics + Yandex Metrika with anonymization.

🧱 Security Headers Active

HSTS (1y + preload), X-Content-Type-Options nosniff, X-Frame-Options SAMEORIGIN, Referrer-Policy strict-origin-when-cross-origin. X-Powered-By + X-AspNet-Version stripped.

📜 CSP Report-Only

Content-Security-Policy in Report-Only mode. Allowlist published in CSP header for transparency. Enforcing mode tracked for Q4 cutover after Sentry telemetry confirms no production breakage.

🍪 Cookies & Sessions Hardened

Session cookies Secure; HttpOnly; SameSite=Lax. No advertising cookies set on lead-capture pages. Analytics cookies set only post-consent on EU IPs.
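
An added example (not code from slavin.pro or its operator): a small audit that checks a captured set of response headers and Set-Cookie values against the header, CSP and cookie posture stated above. The sample responses are constructed, and the includeSubDomains check reflects the HSTS preload list's submission requirement, which this page does not itself mention.

```python
# Added example: audit response headers against the posture this page states.
HSTS_MIN_AGE = 31536000  # one year in seconds ("HSTS 1y")

def parse_directives(value):
    """Split 'a=1; b; c=2' into {'a': '1', 'b': '', 'c': '2'} with lowercased keys."""
    out = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.strip().lower()] = val.strip()
    return out

def audit(headers, set_cookies):
    """headers: (name, value) pairs; set_cookies: raw Set-Cookie values. Returns findings."""
    h = {k.lower(): v.strip() for k, v in headers}
    findings = []
    hsts = parse_directives(h.get("strict-transport-security", ""))
    age = hsts.get("max-age", "")
    if not age.isdigit() or int(age) < HSTS_MIN_AGE:
        findings.append("HSTS max-age below 1 year or missing")
    if "preload" not in hsts:
        findings.append("HSTS preload directive missing")
    elif "includesubdomains" not in hsts:  # preload list requirement (assumption: not on the page)
        findings.append("HSTS preload without includeSubDomains")
    expected = {"x-content-type-options": "nosniff",
                "x-frame-options": "sameorigin",
                "referrer-policy": "strict-origin-when-cross-origin"}
    for name, want in expected.items():
        if h.get(name, "").lower() != want:
            findings.append(f"{name} is not {want}")
    for leaky in ("x-powered-by", "x-aspnet-version"):
        if leaky in h:
            findings.append(f"{leaky} not stripped")
    if not {"content-security-policy-report-only", "content-security-policy"} & h.keys():
        findings.append("no CSP header (report-only or enforcing)")
    for cookie in set_cookies:
        name_value, _, rest = cookie.partition(";")
        name = name_value.split("=", 1)[0].strip()
        attrs = parse_directives(rest)
        if "secure" not in attrs or "httponly" not in attrs:
            findings.append(f"cookie {name} missing Secure/HttpOnly")
        # The page states Lax; Strict is accepted here as the stricter setting.
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name} SameSite is not Lax/Strict")
    return findings

# Constructed sample response matching the stated posture (not captured from the site).
GOOD = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"),
        ("X-Content-Type-Options", "nosniff"), ("X-Frame-Options", "SAMEORIGIN"),
        ("Referrer-Policy", "strict-origin-when-cross-origin"),
        ("Content-Security-Policy-Report-Only", "default-src 'self'")]
print(audit(GOOD, ["sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]))
```
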

🔗 Person Entity Provenance Active

Person canonical at /.well-known/knowledge-graph.json with verified sameAs to GitHub + ORCID. Cross-network references on sister sites validated against same @id.

🤖 AI / LLM transparency Public

Crawl-permitted via llms-full.txt (deep content) + llms.txt (index). robots.txt explicit-allow list for GPTBot, ClaudeBot, PerplexityBot, Google-Extended.

Data Residency

European Union (Germany / Ireland) for the slavin.pro property. Lead-form submissions forwarded to SLAtech LTD CRM with EU residency. No data transfer to jurisdictions without adequacy decision unless explicitly contracted.

Reporting a Vulnerability

  1. Email [email protected] (or any of the channels in security.txt).
  2. Acknowledgment within 1 business day; triage within 5 business days.
  3. CVE assignment where applicable. Coordinated disclosure timeline negotiated case-by-case.
  4. Public credit on this page (opt-in) for confirmed issues.

Independent Endpoints

Last updated: 2026-06-26
Operator: SLAtech LTD
Property: slavin.pro
Trust contact: [email protected]