Security & Privacy

How we handle your data

The honest version. No legalese.

Transport security

Every page on diamonds.skygem.tech is served over HTTPS with HSTS preload, meaning every modern browser refuses to load the site over plain HTTP — even before your first visit. We use a recent TLS 1.3 cipher suite and a 2-year HSTS max-age.

Lead capture (consultation form & quiz)

Submissions go directly to a Supabase Postgres database. The leads table uses Row-Level Security: anonymous visitors can only insert rows, never read, update, or delete them. The browser-side API key has no SELECT permission. No service-role keys are ever shipped in the website bundle.
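As an added illustration (not the site's own schema), this is what an insert-only Row-Level Security setup like the one described looks like in Postgres, assuming a table named public.leads and the browser key mapping to Supabase's anon role:

```sql
-- Added example: insert-only access for anonymous visitors.
-- Assumes table public.leads and Supabase's built-in anon role.

-- Once RLS is enabled, any row operation without a matching policy is denied.
alter table public.leads enable row level security;

-- The single thing an anonymous visitor may do: insert a new lead.
-- WITH CHECK (true) accepts any row; tighten it (e.g. email is not null) as needed.
create policy "anon_insert_only"
  on public.leads
  for insert
  to anon
  with check (true);

-- Deliberately no SELECT, UPDATE or DELETE policy for anon.
-- RLS and table privileges are separate layers, so trim the grants as well:
revoke select, update, delete on public.leads from anon;
grant insert on public.leads to anon;

-- Quick check from the SQL editor: impersonate anon for one transaction.
begin;
set local role anon;
insert into public.leads (email) values ('check@example.com');  -- succeeds
select count(*) from public.leads;  -- ERROR: permission denied for table leads
rollback;
```

One practical consequence: the form code must not ask for the inserted row back (a RETURNING clause needs SELECT), so the client inserts and ignores the response body.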

Email

Confirmation emails and the 14-day educational drip are sent via Resend, a transactional-email provider that signs every outbound message (SPF + DKIM + DMARC aligned). Every email contains a one-click unsubscribe link backed by a per-recipient signed token; once you unsubscribe, the database flag flips immediately and no further messages are queued. Bounce and complaint events are received over a signed webhook (Svix signature verified server-side) so we drop dead addresses without manual intervention.

AI training

We do not train AI models on customer data, and we do not sell or share form submissions with third parties for model training. Our public site content (journal articles, FAQ, glossary) is openly available to answer engines like Claude, ChatGPT, Perplexity, and Google AI Overviews per our robots.txt.

Response headers

Every page response carries a strict Content-Security-Policy, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, and a Permissions-Policy that disables camera, microphone, geolocation, payment, and motion sensors — none of which we need.

Reporting a vulnerability

Found something off? Email the operator with details. We treat responsible-disclosure reports the same as bug reports — acknowledge within 48 hours, fix high-severity issues within 7 days, and credit researchers in the audit runbook unless requested otherwise.