Registered in the United States and Pakistan · Commerce and technology services
Legal

Security statement

Last updated: July 11, 2026. Draft — review with legal counsel before publication.

Our approach

This website is a static build with a small PHP contact endpoint. Our security posture is documented in the repository SECURITY.md, SECURITY-HEADERS.md, and DEPLOYMENT-SECURITY-CHECKLIST.md.

What we do

  • HTTPS-only, with security headers set at the web-server layer.
  • No API keys or SMTP credentials in client JavaScript, JSON, or the public bundle.
  • Server-side input validation on the contact endpoint, honeypot, and rate-limit.
  • Minimal third-party JavaScript. No advertising trackers.
  • Dependency versions are locked and audited before each deployment.

Report a vulnerability

Please email official@trendandbrands.com with the URL, steps to reproduce, and any proof-of-concept. We aim to acknowledge reports within two business days.

We ask that researchers act in good faith: no data exfiltration beyond what is needed to demonstrate the issue, no service disruption, and no automated scanning that affects real users.

Contact channel

A machine-readable disclosure policy is available at /.well-known/security.txt.

WhatsApp