Incident Response
How we handle security incidents.
This page describes our incident response process at a high level. The exact runbooks are internal.
Last updated: 2026-06-28
This page is maintained by Blanca's IT Professional SL to answer common security, privacy and trust questions about Blanca's Builder.
This page is app-owned editable content. It is not an independent audit or certification.
Security is a shared responsibility between Blanca's IT Professional SL, the platforms we run on (Cloudflare, Supabase) and you as the account owner.
Detection
Incidents are detected through automated monitoring, customer reports and our vulnerability disclosure inbox. Every report is triaged within one business day.
Response
On confirmation, we contain the incident, rotate any exposed credentials, deploy a fix and verify the resolution before closing the incident.
Notification
If an incident affects personal data, we notify affected organization owners by email and, where required by law, the competent supervisory authority within 72 hours.
Post-mortem
Material incidents receive a written internal post-mortem with action items. A customer-facing summary is published on the Trust Center when appropriate.
Canonical: https://blancasbuilder.com/trust/incidents · Blanca's Builder