Security & Trust

Practical trust for serious technology work

Fortua handles business enquiries, AI-assisted triage, and website operations with a security-conscious, GDPR-aware approach built around Cloudflare and Microsoft services.

Abstract secure data flow with protected enquiry cards, cloud routing, storage, email delivery, and monitoring panels.

Commitments

Trust starts with how the system is designed

The website reflects the same operating principles Fortua brings to customer work: reduce unnecessary exposure, make ownership clear, and keep security part of the delivery model.

Secure-by-default delivery

Identity, access, data handling, least privilege, backup thinking, and operational risk are considered as part of delivery, not as an afterthought.

Cloudflare and Microsoft foundations

The site uses Cloudflare Pages, Workers, D1, KV, Turnstile, Web Analytics, and AI, with Microsoft Graph for controlled Office 365 email delivery.

Transparent AI use

Cloudflare AI supports enquiry classification, summarisation, and the website assistant. It does not replace human commercial judgement.

GDPR-conscious handling

The contact flow minimises exposure, hashes IP data for abuse control, stores enquiries in D1, and explains processing in the privacy policy.

Contact data

What happens when someone submits the form

The contact form is designed to route useful context without making the process feel heavy.

Fortua reviews the request and routes it by service area, urgency, and operational context.

You receive an acknowledgement once the form is accepted.

The first response focuses on the next useful step: discovery call, scoping question, or practical recommendation.

Abstract secure data workflow showing protected enquiry intake, AI-assisted triage, access controls, storage, and response routing.

Security posture

Designed for measured confidence, not theatre.

Fortua avoids vague security claims. The public site uses security headers, Turnstile protection, rate limiting, hashed IP handling for abuse control, privacy-conscious analytics, and a token-protected monitor endpoint for operational checks.

Discuss your requirements