Trust Center

Security & Compliance

Here at Eric Winer, security is our number one priority. Compliance is also our number one priority. And privacy, too, that's our number one priority.

Last audit: this morning. Eric checked that his laptop was locked. It was.

Frameworks

Compliance you can scroll right past

We don't just check the boxes. We check them twice.

SOC 2 Type II

Self-audit complete. Findings: generally okay.

GDPR

Eric does not track you. Eric barely tracks himself.

HIPAA

Eric will not share your medical information. Eric is not a doctor.

ISO 27001

Eric's laptop has a password on it. It is a pretty good password. You can use it too, if you want - just ask.

PCI DSS

Eric does not store your credit card number. Eric does not want your credit card number.

CCPA

Eric does not sell your data. Eric does not have your data. Please don't give Eric your data.

Infrastructure

Reliability & infrastructure.

Eric operates out of a single primary region, with disaster-recovery capabilities at his parents' house.

Primary region: Jersey City, NJ (us-east-1z)
DR region: Parents' house, Pittsburgh
Failover time: 5–6 hours, depending on Pennsylvania Turnpike traffic
Encryption at rest (laptop): FileVault enabled. Lid usually closed.
Encryption at rest (brain): Substantial. Decryption requires repetition, eye contact, and ideally a second cup.
Backup strategy: Time Machine + iCloud + 'I'll push it to GitHub eventually'
Incident response: Usually within 2 hours. Slower during NFL games.

Data Handling

Data processing agreement.

When you tell Eric something at a party, that information is processed in-memory only and is not persisted to durable storage. Retention is best-effort and degrades over time.

Retention windows: Zero data retention for your name or where we last met. Approximately the rest of his life for useless trivia.

Responsible Disclosure

Found a flaw in Eric?

If you discover a vulnerability in Eric — technical, professional, or personal — please report it responsibly to eric@winer.ly.

  • Please give Eric 90 days to patch the vulnerability before public disclosure.
  • "Eric is bad at texting" is known and tracked. No new reports needed.

Bug bounty: Eric will buy you a coffee. Lunch if it's a critical finding.

Questions about data handling?

There aren't really any to answer. But if you have one, the inbox is open.