← Dabl Club

Security

Effective July 1, 2026 · dablclub.com

Security at Dabl Club starts with collecting as little as possible. The site is a static, mostly read-only publication; the sensitive data that exists (newsletter subscribers, event registrations) lives with specialized providers, not in a database we run.

Infrastructure

  • Encryption in transit — the entire site is served over HTTPS/TLS; HTTP is redirected and HSTS is enabled.
  • Hosting— the site is built and served by Vercel’s global edge network. We hold no long-lived servers or databases of our own.
  • Hardened headers — a strict Content-Security-Policy limits which scripts, frames, and images can load, alongside standard security headers.

Data handling

Newsletter data is held by beehiiv and event data by Luma; both are dedicated providers with their own security programs. Where we work with community data (for example the audience profile), we aggregate and de-identify it so no individual is exposed. The full list of providers is at Subprocessors.

Access

Access to provider dashboards is limited to the people who run Dabl Club, protected by strong, unique credentials and multi-factor authentication where available.

Responsible disclosure

We welcome reports from security researchers. If you believe you’ve found a vulnerability, email collin@dabl.club with the details and steps to reproduce. Please:

  • give us reasonable time to respond before public disclosure;
  • don’t access, modify, or delete data that isn’t yours, and don’t run denial-of-service or destructive tests;
  • act in good faith — we won’t pursue good-faith research that follows this policy.

No guarantee

No system is perfectly secure. We work to protect the Services but can’t guarantee absolute security; you use them at your own risk.

Contact

Security questions or reports: collin@dabl.club.