Skip to content
Contact

Calm and responsible

Security

Last updated: 28 February 2026

1. Our approach

Quietly Hosted provides managed hosting and infrastructure for a small number of clients.

Security is approached as ongoing maintenance rather than a one time feature. Systems are kept updated, monitored, and reviewed as part of routine operations.

The aim is simple: stable, well maintained infrastructure with clear boundaries.

2. What we secure

Quietly Hosted is responsible for:

  • Hosting infrastructure under our direct control
  • Server configuration and updates
  • DNS configuration where managed by us
  • Access controls for accounts we administer

Clients remain responsible for their own website content, custom code, third party integrations, and user level activity unless explicitly covered by a Care or Managed agreement.

3. Technical measures

  • Encrypted connections (HTTPS, SFTP, TLS)
  • Two factor authentication where supported
  • Regular software and security updates
  • Firewall and access control configuration
  • Monitoring of server health and unusual activity
  • Routine backups

Security measures are proportionate to the scale and nature of the service.

4. Access and support

Access to client systems is performed only where necessary to provide support, and only with the client’s authorisation.

Quietly Hosted does not routinely retain client passwords.

Administrative access is limited to what is required to operate and maintain services.

5. Vulnerability reporting

If you believe you have discovered a security vulnerability affecting:

  • quietlyhosted.com
  • Infrastructure directly operated by Quietly Hosted

Please email: colin@quietlyhosted.com

Include a clear description of the issue and steps to reproduce it. We will acknowledge receipt and investigate in good faith.

6. Responsible disclosure

We welcome responsible disclosure.

  • Avoid accessing, modifying, or deleting data
  • Avoid actions that could degrade availability
  • Allow reasonable time for investigation before public disclosure

Quietly Hosted does not operate a bug bounty programme.

Where a vulnerability results in a notifiable data breach, we will act in accordance with applicable legal requirements.

If anything here is unclear, please get in touch. Security works best when expectations are understood on both sides.