Security at Ideadunes

We treat your data as if it were our own. Every byte encrypted, every access logged, every change reviewed.

How we protect your data

Encryption

  • AES-256 encryption at rest (AWS KMS)
  • TLS 1.3 only in transit
  • Customer-managed keys (CMK) on Enterprise
  • Key rotation every 90 days
  • Field-level encryption for PHI/PII

Access control

  • Multi-factor authentication required for all staff
  • SSO/SAML for customers (Okta, Azure AD, Google)
  • Role-based access control (RBAC) — 14 roles
  • Just-in-time elevated access (auto-expires)
  • Privileged access reviews quarterly

Infrastructure

  • AWS primary · multi-region active-active
  • Tenant isolation via row-level security + schema
  • Hardened images · CIS benchmarks
  • Network segmentation · VPC peering
  • WAF + DDoS protection (CloudFront + Shield)

Operations

  • 24×7 security operations center
  • Real-time intrusion detection
  • Automated vulnerability scanning
  • Quarterly penetration testing (CrowdSec)
  • Active bug bounty (HackerOne)

Compliance & certifications

  • SOC 2 Type II: In audit (Aug 2026 expected)
  • ISO 27001: In progress (Oct 2026 cert target)
  • HIPAA BAA: Available (12 active customers)
  • PCI DSS: SAQ-A (via Stripe + Razorpay)
  • GDPR Art 27 EU rep: Frankfurt (retained)
  • DPDP (India): Compliant (DPO appointed)

Data residency

Your data stays where you need it. Multi-region storage with no cross-border transfers unless you explicitly opt in.

Region | Location | Data center | Plan availability
India | Mumbai (ap-south-1) | AWS | All paid plans
European Union | Frankfurt (eu-central-1) | AWS | All paid plans
United States | Virginia (us-east-1) | AWS | All paid plans
United Kingdom | London (eu-west-2) | AWS | Scale + Enterprise
UAE | Dubai (me-central-1) | AWS | Scale + Enterprise
Singapore | Singapore (ap-southeast-1) | AWS | Scale + Enterprise
Australia | Sydney (ap-southeast-2) | AWS | Scale + Enterprise
Canada | Central (ca-central-1) | AWS | Enterprise

Resilience & backup

  • Backup frequency: Continuous (PITR · 35-day window)
  • Backup verification: Daily (automated restore test)
  • RTO target: 1 hour (recovery time)
  • RPO target: 5 min (recovery point)
  • Multi-region: Active-active (automatic failover)
  • Last DR drill: Mar 2026 (passed all tests)

Vulnerability disclosure

If you've found a security issue, we'd love to hear from you. We pay for valid reports.

  • Email: security@ideadunes.com
  • PGP fingerprint: B7E3 4F2A 1C8D 6E5F 9A0B C2D4 E7F1 3A5C 8B9E 4D62
  • Bug bounty: HackerOne · paid in USD via PayPal/wire
  • Severity tiers: Critical $5k+ · High $1k–5k · Medium $250–1k · Low $50–250
  • Hall of fame: 47 researchers credited

Need our security questionnaire?

CAIQ, SIG Lite, custom — we'll respond within 5 business days.
