Security Policy
Your data security is our top priority. We employ industry-leading practices to protect your information.
Our Security Commitment
IdeaDunes is committed to maintaining the highest standards of security for all customer data. We implement defence-in-depth strategies, regularly audit our systems, and stay current with evolving threats and compliance requirements.
Infrastructure Security
Encryption at Rest & In Transit
All data is encrypted using AES-256 at rest and TLS 1.2+ in transit. Database backups are encrypted and stored in geographically separated locations.
Secure Hosting
Our infrastructure runs on isolated, hardened servers with automatic security patching, intrusion detection, and DDoS protection.
Network Protection
Web Application Firewall (WAF), rate limiting, IP allowlisting, and real-time threat monitoring protect our perimeter.
Data Isolation
Customer data is logically separated. Strict access controls ensure that data is only accessible to authorised users and processes.
Application Security
- Authentication: Secure session management, optional two-factor authentication (2FA), and configurable password policies.
- Authorization: Role-based access control (RBAC) with granular permissions across all modules.
- Input Validation: All user input is validated on the server. Database queries use parameterised statements to prevent SQL injection, output is contextually encoded to prevent cross-site scripting (XSS), and state-changing requests are protected against cross-site request forgery (CSRF).
- Security Headers: Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security headers are set on all responses.
- Dependency Management: Automated scanning for vulnerable dependencies with prompt patching.
- Code Review: All code changes undergo peer review with security-focused checklists before deployment.
Data Protection & Privacy
- GDPR Compliance: We process data in accordance with the EU General Data Protection Regulation. Users can export, correct, or delete their data at any time.
- Data Minimisation: We collect only the data necessary to provide our services.
- Backup & Recovery: Automated daily backups with tested recovery procedures. RPO < 24 hours, RTO < 4 hours.
- Data Retention: Customer data is retained only while the account is active. Data is securely erased upon account deletion.
- Sub-Processors: We maintain a vetted list of sub-processors and notify customers of changes.
Monitoring & Incident Response
- 24/7 Monitoring: Automated alerting on anomalous activity, failed logins, and infrastructure events.
- Logging: Comprehensive, tamper-evident audit logs for all administrative and data-access actions, retained so that any modification or deletion of log records can be detected.
- Incident Response Plan: Documented procedures for identification, containment, eradication, and recovery with defined communication timelines.
- Breach Notification: In the event of a confirmed breach, we will notify affected users within 72 hours, and the relevant supervisory authority within the 72-hour window required by GDPR (Article 33).
Vulnerability Disclosure
We welcome responsible security research. If you discover a vulnerability in IdeaDunes, please report it to us through our coordinated disclosure process.
- Email: security@ideadunes.com
- We will acknowledge your report within 48 hours.
- We will not take legal action against good-faith researchers.
- We ask that you do not publicly disclose vulnerabilities until we have addressed them.
Employee Security
- Background checks for all employees with access to production systems.
- Mandatory security awareness training upon joining and annually thereafter.
- Principle of least privilege for all system access.
- Immediate access revocation upon role changes or departure.
Contact Us
For security-related questions or concerns, reach out to our security team:
- Email: security@ideadunes.com
- Response Time: Within 48 hours for security inquiries
Last updated: June 2026