SECURITY CENTER

We're not perfect.
Here's the proof.

38 controls. 4 open findings. Score 87%. All live, all signed, all here.

ZERO-DATA MANIFESTO

We have nothing of yours

Not code. Not files. Not secrets. Not PII. Not table names. The scan runs on your machine - we only receive numbers and a hash.

🚫
We have nothing of yours
The scan runs in your browser or on your machine. We never see source code, file names, PII values, or secrets. Ever. You can't leak what you don't have.
⚠️
We're not perfect
Our score is 87%, not 100%. MFA is optional. CSP uses unsafe-inline. SBOM isn't signed. MIME validation is partial. All four are published here - not hidden.
🔐
Security = transparency
Every control documented. Every threat mapped. Every encryption detailed. Every dependency listed. All running live on ourselves - not a year-old PDF.
"Security isn't about being perfect."
"It's about mapping everything, proving everything, and publishing everything."
🎯

Threat Model

Our public threat model - what we protect, what we don't, and the risks we acknowledge

🔍

Transparency Report

Exactly what's encrypted, what's not, which algorithms, and where the limits are - nothing hidden

🛡️

Responsible Disclosure

Found a vulnerability? Here's our policy, channels, and response times

📦

SBOM

Software Bill of Materials - every dependency, version, and license our system uses

📡

Live Capsule Scan

We run Capsule on ourselves - live. See the results in real time

Our Principles

🔓

Aggressive Transparency

What we publish ourselves can't be exposed against us. We publish our threat model, our own scan results, and our algorithms.

🧪

Standards, Not Marketing

AES-256-GCM, RSA-OAEP, PBKDF2, scrypt - open, recognized standards. No "proprietary magic". Security through obscurity is not security.

🎯

Honest About Limits

We're not perfect, and we say it out loud. Our threat model includes what we don't protect. 38 controls - not 1,000. SOC-ready - not SOC-certified.

📡

Eat Our Own Dog Food

Capsule runs on Capsule itself - 24/7. If our scanner finds an issue on us, we fix it and publish.

By The Numbers

AES-256-GCM
Encryption
38
Scanner Controls
24/7
Capsule on Ourselves
0
Data Breach Events

Found something? Report here — we respond within 24 hours.