Security Practices
Protecting your data is foundational to everything we build. Here is how we keep your organization safe.
Our Security Commitment
IdeaDunes is built with security as a first-class requirement — not an afterthought. We implement industry-standard protocols, conduct regular security reviews, and maintain compliance with international data protection regulations to protect your business data at every layer.
Encryption
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database fields containing sensitive information additionally use application-level encryption.
Authentication
Multi-method auth: email/password with bcrypt hashing, OAuth 2.0 (Google, GitHub), Magic Links, and two-factor authentication (TOTP + SMS).
Access Control
Role-based access control (RBAC), session management with expiration, trusted device verification, and IP-based restrictions for enterprise accounts.
CSRF & XSS Protection
CSRF tokens required on all state-changing requests. Content Security Policy (CSP) with nonce-based script allowlisting. Output encoding on all rendered data.
Rate Limiting
API and authentication endpoints are protected against brute-force attacks with configurable rate limits and progressive lockout thresholds.
Backups & Recovery
Automated daily backups with encrypted offsite storage. Point-in-time recovery available. Enterprise plans include real-time replication and custom retention.
Compliance Frameworks
IdeaDunes is designed to support compliance with major international data protection and security frameworks.
GDPR
General Data Protection Regulation (EU)
Data processing agreements, right to erasure, data portability, cookie consent management, and privacy-by-design architecture.
SOC 2 Type II
Service Organization Controls
Controls for security, availability, processing integrity, confidentiality, and privacy. Annual third-party audits.
HIPAA
Health Insurance Portability and Accountability Act
BAA available for healthcare organizations. PHI encryption, access logging, and minimum necessary access policies.
ISO 27001
Information Security Management
Information security management system aligned with ISO 27001 controls for risk management and continuous improvement.
CCPA
California Consumer Privacy Act
Right to know, right to delete, and opt-out of data sales. Applicable to California residents.
PCI DSS
Payment Card Industry Data Security Standard
Payment processing delegated to PCI DSS Level 1 certified providers (Stripe, PayPal). No raw card data stored.
Infrastructure Security
Where is data hosted?
IdeaDunes infrastructure runs on enterprise-grade cloud providers with data centers across North America, Europe, and Asia-Pacific. Enterprise customers can specify their data residency region.
How are backups handled?
Automated encrypted backups run daily with 30-day retention. Enterprise plans include hourly incremental backups, cross-region replication, and custom retention policies up to 7 years.
What about DDoS protection?
Our infrastructure includes multi-layer DDoS mitigation at the network and application level, with automatic traffic analysis and IP reputation filtering.
How do you handle security incidents?
We maintain a documented incident response plan with defined escalation paths, impact assessment procedures, and notification timelines. Affected customers are notified within 72 hours per GDPR requirements.
Do you conduct penetration testing?
Yes. We conduct annual third-party penetration tests and quarterly internal security assessments. Critical findings are remediated within 24 hours; high findings within 7 days.
Responsible Disclosure
We welcome responsible security research. If you discover a vulnerability, please report it to security@ideadunes.com. We commit to acknowledging receipt within 24 hours, providing a timeline within 72 hours, and keeping you informed of remediation progress.
We do not pursue legal action against researchers who follow responsible disclosure practices.
Need a Security Review?
Enterprise customers can request access to our SOC 2 report, penetration test summary, and data processing agreement.