Duda uses the following security measures.
Network and Data Communication
Remote access requires VPN connection and two factor authentication.
Antivirus, Malware Protection and Path Management
Automated vulnerability scans are conducted regularly in order to detect web application vulnerabilities.
Backup and Restore
Duda's static resources (images, files, scripts,) are automatically backed up on a daily basis via AWS AMI. In addition, data is replicated to another AWS data center.
Monitoring and Alerts
Duda uses several automated monitoring tools meant to detect abnormalities and misuse.
All data communication networks with external access are protected by a central firewall. Networks are separated for functionality and usage.
Networks, firewall, SSL Certificates and virtual private network (VPN) is used when accessing Duda's critical systems.
All TCP outbound communication is SSL encrypted
Duda's servers are equipped with malware protection and intrusion detection systems.
Central patch management is conducted on a regular basis by AWS for security related updates to ensure known security issues cannot be used to gain unauthorized access to systems and data.
Duda uses AWS automated backup features that allow Duda to restore the database state and data to any point in time in the past 14 days. In addition Duda performs periodic database snapshots via RDS API.
Duda will not provide user account related information unless proper verification of the identity of the account owner is established.
Delete and Destroy
Customer Data will only be stored for as long as Duda and the partner or customer has an active agreement, and as long as it serves the purposes for which the data was collected. . Upon expiration of an agreement with a customer, unless there is a legal or contractual obligation to maintain data for a long period of time, the customer's data will be deleted or at least personal data will be removed.
Access to Duda's systems and application is granted based on the "need to know" principle. Admin access requires the use of multi-factor authentication and passwords according to Duda's password policy.
Passwords policy is enforced for any user on the platform (account owners, team members, customers). The password is fully encrypted / hashed.
Duda's activities are based on cloud computing services provided by AWS. For further information regarding physical security issues please refer to Physical and Environmental Security section on: