From 1ffa947a5228bd724fabc6512895406cd161c65b Mon Sep 17 00:00:00 2001
From: Johan Jongsma <johan@inou.com>
Date: Sun, 1 Feb 2026 10:36:09 +0000
Subject: [PATCH] security: add SOC2 positioning, monthly monitoring, audit
 trail

---
 templates/security.tmpl | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/templates/security.tmpl b/templates/security.tmpl
index 330437f..e5c8fb8 100644
--- a/templates/security.tmpl
+++ b/templates/security.tmpl
@@ -157,6 +157,17 @@
     <p>Continuous uptime monitoring, automated alerting, 24/7. If something blinks wrong, we know — and our systems respond before you'd ever notice.</p>
   </div>
 
+  <div class="privacy-card">
+    <h3>Independently verified. Monthly.</h3>
+    <p>We don't just claim security — we prove it. Every month, our infrastructure undergoes comprehensive vulnerability scanning. External monitoring runs 24/7 from Switzerland, providing independent geographic oversight of our US-based systems.</p>
+    <p>We maintain detailed security documentation aligned with SOC 2 principles: availability, confidentiality, and data integrity. Full security reports are available upon request for enterprise customers and compliance teams.</p>
+  </div>
+
+  <div class="privacy-card">
+    <h3>Every action. Logged.</h3>
+    <p>Your dossier maintains a complete audit trail. Every view, every upload, every change — timestamped and recorded. You can see exactly who accessed what and when. Nothing happens in the dark.</p>
+  </div>
+
   <div class="privacy-card">
     <h3>We keep attackers out.</h3>
     <p>Firewall rules block malicious traffic at the edge. Tarpits slow down scanners and bots, wasting their time instead of ours. Role-based access control ensures every request is authenticated and authorized — no exceptions.</p>