Trust
This page is maintained by Stealth Layer Security to answer common security, privacy, and engagement-control questions about how we work. Sections describe enabled, in-use practices — not certifications.
Stealth Layer Security performs security testing only when written authorization is provided by the lawful owner of the assets to be tested, with confirmed scope and agreed Rules of Engagement in place beforehand.
We will decline or pause any engagement where authorization, ownership, or scope becomes unclear.
Engagement details, findings, and supporting evidence are treated as confidential by default. Internal access is limited to the personnel directly involved in delivering the engagement.
Reports and evidence are shared with the client through agreed delivery channels and are not used to identify clients in marketing without explicit, written consent.
We collect the minimum information needed to scope and execute an engagement. Where possible, testing is performed against environments containing synthetic or de-identified data.
Engagement artifacts are retained for an agreed period for retest support, then securely deleted in line with the engagement's data handling agreement.
Every engagement begins with the following confirmations: