Trust at erie.pro

How we authenticate our email, protect data in transit and at rest, and how to reach us if you suspect abuse or have found a vulnerability.

Email authentication

Every email we send is authenticated with SPF and DKIM, and aligned under DMARC. Our DMARC policy is published at _dmarc.erie.pro and is currently set to p=quarantine with pct=100, ramping to p=reject on a published schedule.

SPF: enumerates the authorized senders for erie.pro.
DKIM: 2048-bit signature on every outbound message via our authenticated sender.
DMARC: aggregate reports are received at dmarc@erie.pro and reviewed daily.
MTA-STS & TLS-RPT: TLS-only inbound, with aggregate TLS reports collected to detect downgrade attacks.

Email practices

Every outbound message carries a List-Unsubscribe header (mailto + one-click HTTPS), honored within 24 hours and typically immediately.
We do not send unsolicited bulk email. Recipients are either customers, providers we've verified, or visitors who requested contact.
Hard bounces and spam complaints are suppressed permanently and within seconds. Contacts inactive 180+ days are sunset from all mailings.
All campaign links route through erie.pro directly — no third-party URL shorteners.

Data security

In transit: HTTPS with HSTS (preload-eligible) on every page; outbound mail negotiates TLS opportunistically or strictly per MTA-STS.
At rest: customer records stored in our managed Neon Postgres cluster with encryption at rest. Sensitive personally-identifying fields (phone, address) are redacted in logs.
Access: production data is read-only for engineering except during incident response; admin operations require two-factor sign-in.

Vulnerability disclosure

We don't run a paid bug bounty, but we take reports seriously and respond within two business days. Please reach security@erie.pro with reproduction steps. PGP key available on request.

Scope: erie.pro and its public APIs.
Out of scope: third-party services we use (Vercel, Neon, Emailit, ThriveCart, ConvertBox, SuiteDash). Please report directly to the affected provider.
Please do not attempt to access data that isn't yours, run automated denial-of-service, or social-engineer staff.
We will not pursue legal action against researchers acting in good faith within the scope above.

Abuse contact

To report spam claiming to be from erie.pro, phishing, or other abuse, write abuse@erie.pro or postmaster@erie.pro. Please include full headers of the offending message.

Acknowledgments

Researchers who report eligible issues under the policy above are listed here, with permission, after fix.

See also: Privacy · Contact · /.well-known/security.txt

Trust at erie.pro

How we authenticate our email, protect data in transit and at rest, and how to reach us if you suspect abuse or have found a vulnerability.

Email authentication

SPF: enumerates the authorized senders for erie.pro.
DKIM: 2048-bit signature on every outbound message via our authenticated sender.
DMARC: aggregate reports are received at dmarc@erie.pro and reviewed daily.
MTA-STS & TLS-RPT: TLS-only inbound, with aggregate TLS reports collected to detect downgrade attacks.

Email practices

Every outbound message carries a List-Unsubscribe header (mailto + one-click HTTPS), honored within 24 hours and typically immediately.
We do not send unsolicited bulk email. Recipients are either customers, providers we've verified, or visitors who requested contact.
Hard bounces and spam complaints are suppressed permanently and within seconds. Contacts inactive 180+ days are sunset from all mailings.
All campaign links route through erie.pro directly — no third-party URL shorteners.

Data security

In transit: HTTPS with HSTS (preload-eligible) on every page; outbound mail negotiates TLS opportunistically or strictly per MTA-STS.
At rest: customer records stored in our managed Neon Postgres cluster with encryption at rest. Sensitive personally-identifying fields (phone, address) are redacted in logs.
Access: production data is read-only for engineering except during incident response; admin operations require two-factor sign-in.

Vulnerability disclosure

We don't run a paid bug bounty, but we take reports seriously and respond within two business days. Please reach security@erie.pro with reproduction steps. PGP key available on request.

Scope: erie.pro and its public APIs.
Out of scope: third-party services we use (Vercel, Neon, Emailit, ThriveCart, ConvertBox, SuiteDash). Please report directly to the affected provider.
Please do not attempt to access data that isn't yours, run automated denial-of-service, or social-engineer staff.
We will not pursue legal action against researchers acting in good faith within the scope above.

Abuse contact

To report spam claiming to be from erie.pro, phishing, or other abuse, write abuse@erie.pro or postmaster@erie.pro. Please include full headers of the offending message.

Acknowledgments

Researchers who report eligible issues under the policy above are listed here, with permission, after fix.

Trust at erie.pro

Email authentication

Email practices

Data security

Vulnerability disclosure

Abuse contact

Acknowledgments

Serving Erie and Surrounding Communities

Neighborhoods & Communities We Serve

Licensed & Insured in Pennsylvania

Erie County Zip Codes

Permit Information

Trust at erie.pro

Email authentication

Email practices

Data security

Vulnerability disclosure

Abuse contact

Acknowledgments