Current, bounded posture.
This page avoids controls, coverage, timelines, and guarantees that have not been independently verified from the deployed system.
Production traffic uses HTTPS. Exact protocol, cipher, and certificate posture should be verified from the live endpoint before procurement reliance.
Authenticated routes enforce application authorization. No claim is made that every database table has an identical policy or that application bugs cannot expose data.
OpsTicket uses Cloudflare, Railway, Supabase, Stripe, SendGrid, PostHog, Sentry, and Google or GitHub sign-in where configured. See the subprocessor page for the current functional list.
Verification relies on an active server-issued record and SHA-256 evidence hash. No external chain, public registry, or separate signing system is claimed.
No public patch, incident, disclosure, recovery, or notification deadline applies unless an executed agreement or law requires it.
OpsTicket does not represent an external security audit, certification, or service-organization attestation as complete or in progress.