Security & Privacy

This page is maintained by Jonathan law firm to answer common questions about how we protect the information you share with us. It reflects controls currently in place on this website and is not an independent certification.

Encryption in transit

All traffic to and from this site is served over HTTPS (TLS). Data submitted through the contact form is transmitted with transport-layer encryption between your browser and our servers.

Access controls

Client data is stored in a managed database with row-level security. Only authenticated staff with an explicit admin role can view contact submissions. Sensitive actions (such as deleting a submission) require typed confirmation and are written to an internal audit log.

Form abuse protection

The contact form validates input server-side, includes a honeypot for bots, and applies per-IP rate limiting so a single source cannot flood our inbox.

Data handling & GDPR

We collect only the details you voluntarily submit (name, email, optional phone, and your message). Data is processed to respond to your inquiry under Art. 6(1)(b) and (f) GDPR. Full details, retention periods, and your rights are described in our Datenschutzerklärung.

Email & unsubscribe

Transactional replies are sent from a verified sender domain (notify.jonathanlawfirm.net) with SPF, DKIM, and DMARC alignment. Every automated reply includes an unsubscribe link, and suppression is honoured on subsequent sends.

Account security

Staff accounts require email + password sign-in with breached-password screening (HIBP) enabled. Passwords known to be compromised in public breaches are rejected at sign-up and password change.

Report a security issue

If you believe you have discovered a vulnerability affecting this site, please email jonathan@jonathanlawfirm.com with a description and steps to reproduce. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and respond.

Last reviewed: 2026-07-03