Trust
Security
Last updated: May 26, 2026.
Posture
Business Factory Corporation operates this website and its contact-form backend on Amazon Web Services in the United States. We follow security-by-default principles: HTTPS only, no third-party JavaScript beyond the libraries listed below, fail-closed authentication on the contact-form webhook, least-privilege IAM, and structured audit logging for any state-changing action.
Infrastructure
- Static site hosting: Amazon S3 (private bucket), served exclusively through Amazon CloudFront with Origin Access Control (OAC). Direct S3 access is denied.
- TLS: AWS Certificate Manager. TLS 1.2 minimum. HTTPS-only with HTTP-to-HTTPS 301 redirect at the CloudFront edge.
- Contact form backend: AWS Lambda (Python 3.12) behind Amazon API Gateway HTTP API. No public Lambda function URL.
- Rate limiting: Amazon DynamoDB-backed ledger, 5 requests per IP per minute, records auto-expire after two minutes via DynamoDB TTL.
- Email delivery: Amazon SES with DKIM, SPF, and DMARC published on the domain.
- IAM: The contact-form Lambda is scoped to `ses:SendEmail` on verified identities only, plus minimal DynamoDB access on the rate-limit table.
- Logging: Amazon CloudWatch with seven-day retention.
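The rate-limiting entry above can be modeled as a fixed-window counter keyed on IP and minute. The sketch below is an added example, not the code published in the site's repository: `InMemoryLedger`, `BrokenLedger`, `allow_request` and the key format are hypothetical names, the ledger is an in-memory stand-in for the DynamoDB table, and denying requests when the ledger fails is a choice made for this example.

```python
import time

LIMIT = 5            # requests per IP per minute (figure from the page)
WINDOW = 60          # seconds
TTL_SECONDS = 120    # records expire after two minutes (figure from the page)


class InMemoryLedger:
    """Constructed stand-in for the rate-limit table: counter plus expiry per key."""

    def __init__(self):
        self.items = {}

    def increment(self, key, expires_at, now):
        # Emulates the TTL sweep, then an atomic counter bump. In DynamoDB the
        # bump would be one UpdateItem call with an ADD update expression.
        self.items = {k: v for k, v in self.items.items() if v["expires_at"] > now}
        item = self.items.setdefault(key, {"count": 0, "expires_at": expires_at})
        item["count"] += 1
        return item["count"]


class BrokenLedger:
    """Constructed failure case: the store is unreachable."""

    def increment(self, key, expires_at, now):
        raise ConnectionError("ledger unavailable")


def allow_request(ledger, ip, now=None):
    """Return True if this request fits within LIMIT for the current minute."""
    now = int(time.time() if now is None else now)
    window_start = now - now % WINDOW
    # The window start is part of the key, so a record that TTL has not yet
    # removed can never be counted against a later minute.
    key = f"{ip}#{window_start}"
    try:
        count = ledger.increment(key, window_start + TTL_SECONDS, now)
    except Exception:
        return False  # assumption of this example: deny when the ledger fails
    return count <= LIMIT


if __name__ == "__main__":
    ledger = InMemoryLedger()
    # 203.0.113.7 is a documentation address; timestamps are constructed.
    print([allow_request(ledger, "203.0.113.7", now=1000) for _ in range(6)])
```

Because DynamoDB TTL deletion is asynchronous, the limit has to hold even while expired records are still readable, which is why the key carries the window start rather than relying on deletion timing.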
Third-party dependencies
The website loads three external resources, each from a well-known public CDN:
- Google Fonts — typography (Inter family).
- Three.js (cdnjs) — WebGL library for the hero animation.
- Vanta.js (jsDelivr) — animated network background, depends on Three.js.
None of these are configured to collect identifying information about visitors. We use no analytics platforms, no advertising trackers, and no behavioral profiling.
Data handling
The only personal data we process is what visitors voluntarily submit through the contact form. See our Privacy Policy and Privacy Choices pages for full detail on collection, retention, and deletion.
Responsible disclosure
If you believe you have discovered a security vulnerability affecting this website or its contact-form backend, please report it privately to chris@bizfactorynv.com with the subject line “Security Disclosure.” We commit to:
- Acknowledging your report within five business days.
- Providing a remediation timeline within fifteen business days.
- Not pursuing legal action against good-faith researchers who follow this policy.
Please do not publicly disclose a vulnerability before we have had reasonable time to remediate. Please do not access, modify, or destroy data belonging to other users. Please do not run automated scans that degrade service for other visitors.
Open source
The source code for this website (frontend, infrastructure-as-code, Lambda function) is published at github.com/AlbinoRacoon/bizfactorynv-site. Independent review is welcome.
Contact
Security inquiries: chris@bizfactorynv.com · Reno, Nevada, USA.