Security

Data handling

We collect only what we need to deliver our services, and we share data with third-party providers only when required to perform a function. Where you share customer data with us for a build, we act on your instructions and will sign a data processing agreement on request.

Access and accounts

• Access to client systems and credentials is limited to the people working on your project.
• We use reputable providers (such as Vercel, Google, and Notion) with their own strong security programs.
• We prefer scoped, revocable access over shared passwords, and we remove access when an engagement ends.

The systems we build

Sites and automations we deliver are built on secure, well-supported platforms with HTTPS by default. AI features are designed with human review in mind for anything customer-facing, financial, or sensitive.

Reporting a vulnerability

If you believe you have found a security issue, please email kevino@obarolabs.com with the details and we will respond promptly. Please do not publicly disclose it until we have had a chance to address it.