Legal

Trust & Security

At Trekme.pro, we take data security, infrastructure integrity, and user privacy seriously. This page outlines our current technical safeguards, third-party subprocessors, and vulnerability disclosure policy.

Scope: Product security, infrastructure, disclosure Contact: security@trekme.pro

Data Protection & Security Controls

Hosting & Infrastructure

Trekme.pro runs its production application stack on AWS infrastructure in the eu-central-1 region. Our deployment includes AWS ECS Fargate, AWS RDS PostgreSQL, AWS SES, and AWS Secrets Manager for production secrets.

Encryption in Transit

Traffic to Trekme.pro is served over HTTPS. The application is configured with secure cookie settings and HTTP Strict Transport Security (HSTS) to reduce the risk of interception and downgrade attacks.

Account Access Visibility

Trekme.pro provides account-level visibility into recent access activity. Authenticated users can review:

  • Active web sessions for their account
  • Web sign-in history with timestamps, IP addresses, and user-agent strings
  • Per-key MCP access history with timestamps, IP addresses, and user-agent strings

Observability & Monitoring

Trekme.pro uses New Relic for application performance monitoring and CloudWatch Logs for operational logging. We also use GetTerms for cookie consent management on public pages.

Authorized Subprocessors

Trekme.pro uses a small set of service providers to operate the product. These providers support infrastructure, observability, and legal consent management.

Subprocessor Purpose Notes
Amazon Web Services (AWS) Core cloud infrastructure, database, email, and secret management Production deployment is documented in AWS eu-central-1
New Relic Application performance monitoring and operational observability Used for APM instrumentation and deployment observability
GetTerms Cookie consent and legal consent management Loaded on public-facing pages for cookie consent

Vulnerability Disclosure

We welcome responsible reports from security researchers. If you believe you have identified a security issue in Trekme.pro or one of its MCP-related surfaces, please send your report to security@trekme.pro.

What to Include

  1. A clear description of the issue
  2. Reproduction steps or a minimal proof of concept
  3. The potential impact and affected surface

Our Commitment

  • We aim to acknowledge reports within 3 business days
  • We will investigate, prioritize, and remediate validated issues
  • We will not pursue legal action for good-faith research that avoids data destruction, service disruption, and public disclosure before a fix is available