How this website is secured
We audit other organisations' privacy and security practices. It would be contradictory not to hold ourselves to the same standard. This page documents exactly what mtecsoft.com does — and does not do — with your visit.
What we do not collect
No Google Analytics, no Matomo, no Plausible, no Fathom, no pixel trackers. Zero JavaScript analytics of any kind.
This website sets no cookies — neither first-party nor third-party. No consent banner is required because there is nothing to consent to.
No external JavaScript is loaded. Fonts are self-hosted. The only outbound request your browser makes is to this server.
What we do collect
Standard server access logs record IP address, timestamp, requested URL, HTTP status code, user agent, and referrer. These are used exclusively for security diagnostics and attack detection. IP addresses are not linked to any profile or identifier. Logs are automatically purged after 7 days.
HTTP security headers
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'; base-uri 'self'; form-action 'none'; frame-ancestors 'none'
max-age=31536000; includeSubDomains — all connections forced to HTTPS with a one-year HSTS policy.
This site cannot be embedded in frames or iframes. Prevents clickjacking attacks.
strict-origin-when-cross-origin — referrer data is not leaked to external domains.
geolocation=(), microphone=(), camera=(), payment=() — browser APIs that could compromise privacy are explicitly disabled.
Prevents MIME-type sniffing attacks.
Vulnerability reporting
If you identify a security issue with this website, please contact disclosure@mtecsoft.com. Our security.txt file is published at /.well-known/security.txt in accordance with RFC 9116.