Trust Center privacy notice

What this site knows about you. Almost nothing.

This notice covers aevrix.org specifically — the Trust Center. For product privacy notices, see the relevant product surface. Last updated 2026-05-20.

What this site collects

Edge logs only.

aevrix.org is a static website. There is no application, no database, no account system, and no cookies set by us. When you visit, our edge provider (Cloudflare) records standard HTTP request metadata: IP address, user-agent, referrer, request path, response status. We use these logs only for security and abuse monitoring; we do not build a profile of you from them.

  • No analytics scripts. No Google Analytics, no Plausible, no Fathom, no first-party telemetry.
  • No third-party trackers. No advertising pixels. No social-media widgets that phone home.
  • No cookies set by us. The site is fully functional without cookies.
  • No fonts loaded from third parties. All fonts are self-hosted from /fonts/.
If you email us

Vulnerability reports & trust enquiries.

When you write to security@aevrix.org, trust@aevrix.group, or any other Aevrix mailbox, we receive your email address, the message content, and any attachments. We hold this email in Google Workspace under our standard mailbox configuration.

  • Retention: security correspondence is retained until 12 months after the issue is closed, then archived for a further 24 months for traceability, then deleted unless legal hold applies.
  • Access: only the security team and our incident commander have routine access. Wider access is logged in our internal ticket system.
  • Anonymous reporting: we accept reports from disposable inboxes and pseudonyms. We will only request real identity if it becomes necessary for credit, payout, or legal coordination — and only with your consent.
Public credit

When and how we name you.

If you ask to be credited at /hall-of-fame/, we publish the handle or name you chose, the bug class, and the date. We never publish your email address, your IP, the PoC, or any private correspondence without your written consent.

Your rights

GDPR / UK-GDPR / KVKK / Azerbaijani PD law.

Depending on where you are, you may have the right to access, rectify, port, restrict, or delete the personal data we hold about you, and to object to processing or lodge a complaint with a supervisory authority. To exercise any of these rights, write to:

Data protection contact

Single inbox for all data-subject requests.

privacy@aevrix.group →

Aevrix Group OJSC

Baku, Azerbaijan. Postal address available on signed DPA.

Data Processing Agreement →
Changes

How we update this notice.

We update this notice in place rather than maintaining historical versions on the same URL — older versions are available in git history of the underlying static site. Material changes are dated at the top of this page.