Security

How we protect your data and maintain the integrity of our services.

At DorDev, security is a top priority. We are committed to protecting your data and maintaining the trust you place in us. This page outlines our security practices and how we safeguard your information.

Infrastructure Security

Our services are hosted on industry-leading cloud infrastructure providers that maintain SOC 2 Type II, ISO 27001, and other relevant certifications. We leverage their security controls while implementing additional measures tailored to our specific needs.

  • All data is encrypted in transit using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256
  • Regular security assessments and penetration testing
  • Network segmentation and firewall protection
  • Intrusion detection and prevention systems

Application Security

We follow secure development practices throughout our software development lifecycle:

  • Secure coding guidelines and code review processes
  • Regular dependency scanning and updates
  • Automated security testing in our CI/CD pipeline
  • Input validation and output encoding to prevent injection attacks
  • Protection against OWASP Top 10 vulnerabilities

Access Control

We implement strict access controls to ensure only authorized personnel can access sensitive systems and data:

  • Role-based access control (RBAC) for all systems
  • Multi-factor authentication (MFA) required for all employees
  • Principle of least privilege for system access
  • Regular access reviews and prompt deprovisioning
  • Comprehensive audit logging of all access and changes

Data Protection

Your data is handled with care throughout its lifecycle:

  • Data classification and handling procedures
  • Regular backups with encryption and secure storage
  • Data retention policies aligned with legal requirements
  • Secure data deletion when no longer needed

Incident Response

We maintain a comprehensive incident response plan to quickly identify, contain, and remediate any security incidents. Our process includes:

  • 24/7 monitoring and alerting systems
  • Defined escalation procedures and response teams
  • Regular incident response drills and tabletop exercises
  • Post-incident reviews and continuous improvement

Employee Security

Our team members are trained and equipped to maintain security standards:

  • Background checks for all employees
  • Regular security awareness training
  • Clear security policies and procedures
  • Secure remote work practices

Compliance

We continuously work to meet and exceed industry standards and regulatory requirements. Our security program is designed to align with best practices and frameworks including SOC 2, ISO 27001, and GDPR requirements.

Responsible Disclosure

We value the security research community and encourage responsible disclosure of any vulnerabilities you may discover. If you believe you have found a security issue in our services, please report it to us immediately.

When reporting, please:

  • Provide detailed information about the vulnerability
  • Allow us reasonable time to investigate and address the issue
  • Avoid accessing or modifying other users' data
  • Act in good faith and avoid any actions that could harm our users or services

Contact Us

For security concerns or to report a vulnerability, please contact our security team:

DorDev Security Team
Email: security@dordev.com

For general inquiries, please visit our Contact page.