Security

Encryption in transit

The entire site is served over HTTPS/TLS, and we use HSTS to always force secure connections. We do not load resources over unencrypted channels.

Browser security policies

We apply a strict Content-Security-Policy and security headers (X-Content-Type-Options, Referrer-Policy, X-Frame-Options, Cross-Origin-Opener-Policy, and Permissions-Policy) to reduce the attack surface.

No third parties or tracking

We include no third-party scripts, marketing pixels, or tracking cookies.

Our analytics is first-party, cookieless, and anonymous: only aggregate counters, with no cookies or identifiers that could recognize you.

Data minimization

The contact form asks only for what is necessary and requires your explicit consent. See the Privacy Notice for what data we process and your rights.

Providers (processors)

When needed, we rely on providers that process data solely under our instructions and confidentiality obligations: Resend for sending the contact form email, and Deno Deploy for hosting and delivering the site.

Payments

If we offer online payments, they are processed by a payment provider using hosted checkout (Stripe). LabWeb does not store or directly process your card data.

Responsible disclosure

If you find a potential vulnerability, write to us at legal@labweb.mx. We appreciate responsible reports and will address them as a priority.

Continuous improvement

We are working to align our processes with recognized security and privacy frameworks (such as ISO/IEC 27001 and SOC 2) ahead of future audits. We will update this page as we progress.