Published security program
Eunoiana Dev maintains an information security program designed to protect client data, project assets, credentials and production systems throughout design, development, deployment and support.
Eunoiana Dev is committed to handling information responsibly and applying practical safeguards that are appropriate for the size, scope and risk profile of each project. Security is considered during discovery, design, development, testing, launch and ongoing maintenance.
This policy applies to Eunoiana Dev systems, development environments, client project assets, source code, credentials, documentation and third-party services used to deliver work for clients.
Responsibility for information security sits with Eunoiana Dev leadership. Security requirements are reviewed during project planning, and project-specific risks are considered before sensitive data, integrations or production access are handled.
Access to client systems, repositories, hosting accounts and third-party tools is granted only where needed to deliver agreed work. Strong passwords and multi-factor authentication are used wherever supported. Access is removed when it is no longer required.
Eunoiana Dev follows secure development practices including code review where appropriate, dependency awareness, environment separation, least-privilege configuration, input validation and careful handling of authentication, permissions and secrets.
Client data is used only for agreed business purposes. Sensitive data is limited to what is necessary, stored in approved systems, and not shared with third parties except where required for delivery, support or legal compliance.
API keys, passwords, tokens and production secrets are not intentionally committed to public code repositories. Where credentials are needed, they are stored using suitable password managers, hosting environment variables or platform secret management.
Eunoiana Dev uses reputable third-party platforms for hosting, development, communication, analytics, payments, email, automation and project delivery. Service choices are reviewed for suitability, reliability and reasonable security controls.
Project source code and key project assets are maintained in controlled repositories or approved storage locations. Where Eunoiana Dev manages live systems, backup and recovery expectations are agreed with the client based on business need.
Suspected security incidents are investigated promptly. Where an incident may affect a client, Eunoiana Dev will notify the client, support containment and remediation, and document follow-up actions to reduce the likelihood of recurrence.
This policy is reviewed at least annually and may be updated sooner when Eunoiana Dev introduces new services, tools, hosting arrangements, regulatory requirements or operational processes.
Questions about this policy can be sent to hello@eunoiana.com.
Eunoiana Dev also publishes summaries of its network segregation, hosting, network threat protection, endpoint security, daily operational security, access control, data classification, incident response, vulnerability management, personal data protection and privacy practices.
View network security controls
View endpoint security controls
View operational security baseline
View data classification and encryption policy
View vulnerability and threat management procedure