Takumi Web Development
TAKUMI匠 ・ WEB DEV
Trust & Security

Trust & Security

This page is maintained by Takumi Web Development to answer common questions about how we handle security, data, and the day-to-day operation of your site.

We describe practices we actually use today. We do not claim SOC 2, ISO 27001, HIPAA, or PCI certification.

Security practices

  • All client sites are served exclusively over HTTPS with modern TLS.
  • Source code, deployments, and database access are gated behind multi-factor authentication.
  • Role-based access — only the people working on your project can see your data.
  • Secrets (API keys, database credentials) are stored in encrypted secret stores, never in source code.
  • No service or partner is given more access than the specific job they perform.

Hosting & infrastructure

  • Production sites run on Lovable Cloud (managed Supabase) and global edge CDNs for sub-second loads worldwide.
  • Automatic encrypted backups of databases are taken on a rolling daily schedule.
  • Edge caching and image optimization reduce origin load and exposure surface.
  • DNS, SSL renewal, and core platform patches happen automatically — no maintenance windows you have to schedule.

Data we collect & how we use it

  • We collect only the information you give us: name, email, phone, company, and details about your project.
  • We use it to deliver the work you hired us for and to follow up about your project — never to sell or share.
  • If you create a client portal account, we also store your sign-in identity and project files you upload to us.
  • We retain client data for the life of the engagement. You can request deletion at any time.

Process & uptime

  • Every site we ship has automated monitoring — we know if it goes down, usually before you do.
  • Care-plan clients get monthly security updates, dependency upgrades, and a written status report.
  • Code changes go through review and a staging preview before reaching your live site.
  • We keep a written runbook for restoring service from backups and rotating credentials.

Incident response

  • If something goes wrong with your site, we tell you — quickly, in plain language, with what we're doing about it.
  • Suspected security issues should be reported to the address below. We respond within one business day.
  • After resolution, you get a short written summary of what happened and what changed.

Shared responsibility

Security is a partnership. We secure the platform, the code we write, and the access we hold. You're responsible for the strength of your own account password, who you grant access to your portal, and the accuracy of the content you publish on your site.