Eunoiana Software Development

Published access control policy

Least-Privilege Access Control

Eunoiana Dev restricts access to systems, repositories, hosting platforms, client environments and personal data based on the principle of least privilege. Access is granted only where required for an authorised business purpose.

Owner: Eunoiana Dev Effective date: 18 April 2026 Applies to: Systems, project assets and personal data

Policy Statement

Eunoiana Dev maintains an access control policy designed to ensure that users, accounts and services have only the access they need to perform authorised work. Access to personal data is restricted to legitimate project, support, operational or compliance purposes.

The policy applies to company accounts, client systems, code repositories, hosting accounts, databases, CRM tools, analytics platforms, payment systems, documentation, cloud services and other third-party tools used to deliver work.

Least Privilege

Access is granted at the lowest practical permission level needed for the task. Administrative access is limited and used only where required for development, deployment, support or account management.

Personal Data Access

Personal data is accessed only where necessary for an authorised project or support activity. Eunoiana Dev avoids unnecessary copying, exporting or local storage of personal data whenever practical.

Authorisation

Access to client environments, production systems, sensitive data and administrative platforms is provided only when there is a clear business requirement. Client approval is obtained where required by the project or service arrangement.

Authentication

Important systems use strong authentication. Multi-factor authentication is enabled where supported for hosting, domains, repositories, email, payment platforms, admin dashboards and client systems.

Account Lifecycle

Access is reviewed when project roles change, when a project ends, or when access is no longer required. Unneeded accounts, credentials and permissions are removed or reduced.

Credential Handling

Passwords, API keys, tokens and production secrets are handled securely using password managers, environment variables or platform secret management where appropriate. Credentials are not intentionally committed to public repositories.

Production Access

Production access is treated as sensitive. Direct changes to live systems are avoided unless required, controlled and appropriate for the project. Development and staging access is separated from production where practical.

Access Reviews

Access permissions are reviewed periodically and during meaningful project changes. Reviews consider whether access is still needed, whether permissions are too broad, and whether unused accounts should be removed.

Review and Questions

This access control policy is reviewed as systems, client requirements and operational practices change. Eunoiana Dev may update this page to reflect improved controls or new platform requirements.

Questions about these controls can be sent to hello@eunoiana.com.