Security at WebDirect
How we protect the webdirect.md platform and our clients' data.
Infrastructure Security
The webdirect.md website runs on a hardened Linux server behind Cloudflare's global CDN and DDoS protection. All traffic is encrypted with TLS 1.3. We enforce HSTS with preloading, ensuring all connections are HTTPS-only.
Security Headers
We implement a comprehensive set of HTTP security headers, including Strict-Transport-Security, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy, Permissions-Policy, and Content-Security-Policy. Our grade on securityheaders.com is A+.
Application Security
Our website is built with Next.js and runs in a Docker container. We follow secure coding practices, perform dependency audits, and run automated security scans on every deployment. We never expose sensitive data in client-side code.
Data Protection
Contact form data is encrypted in transit and at rest. We retain inquiry data for 12 months as per our Privacy Policy and GDPR commitments. We do not sell data or share it with third parties beyond what is required for service delivery.
Access Control
Production systems are accessible only via SSH key authentication from authorized IPs. We enforce multi-factor authentication for all admin access. Access logs are retained for 90 days.
Incident Response
We maintain an incident response plan. In the event of a security incident affecting client data, we notify affected parties within 72 hours as required by GDPR Article 33.
Found a Security Vulnerability?
If you've discovered a vulnerability in our systems, please report it responsibly. We welcome security research.
Responsible Disclosure Policy