How we hold the line.
A short note on the security posture of daxlio.com and the broader operating group — plus where to send vulnerability reports.
Site posture
daxlio.com is a static site served from Cloudflare’s edge with TLS 1.2+ enforced, HSTS, and no third-party trackers, analytics, or runtime scripts beyond Google Fonts. We treat the marketing surface as a low-risk asset — but we still apply the same baselines as our product systems.
Product posture
Our operating companies (Licitia, Calpix, GTech Group, Priam Digital) and the bespoke systems we deliver for enterprise and government clients run with: SSO + MFA on all admin surfaces, audited access controls, encryption at rest and in transit, structured logging with retention SLAs, and quarterly access reviews. Specifics are shared under NDA during procurement.
Compliance
Engagement contracts include DPAs aligned to GDPR (EU), LFPDPPP (México), and where applicable CCPA (California). For Mexican federal work we operate under Ley de Adquisiciones and the corresponding INAI privacy framework.
Vulnerability reports
If you believe you’ve found a vulnerability affecting daxlio.com or any Daxlio-operated property, write to security@daxlio.com. We acknowledge within 2 business days and aim to triage within 5. Please give us a reasonable window before public disclosure — we will credit you in the resolution note unless you ask us not to.
No scope abuse
Active exploitation, data exfiltration, social engineering of staff, or DoS testing is out of scope and not authorized. We only welcome reports made in good faith.
security.txt
Machine-readable contact info is published at /.well-known/security.txt.