PostDaba logoPostDaba
Create free account

Security at PostDaba

PostDaba is built and operated by BEQODIA LTD (England & Wales). We design for safety, privacy and reliability from day one, following a defence‑in‑depth approach and least‑privilege access by default.

Security principles

  • Least privilege access across systems and data.
  • Defence‑in‑depth at application, network and infrastructure layers.
  • Privacy‑by‑design and secure‑by‑default defaults in product decisions.
  • Continuous improvement through monitoring, testing and review.

Data protection

  • Encryption in transit with TLS 1.2+ and modern cipher suites.
  • Encryption at rest using industry‑standard algorithms (e.g., AES‑256) for stored data and backups.
  • Secrets management with restricted access and periodic rotation.
  • Workspace‑scoped data separation to prevent cross‑tenant access.

Access and identity

  • Role‑based access control (RBAC) with clear separation of duties.
  • Audit logs for sensitive actions and administrative events.
  • MFA recommended for all users; required for admins in enterprise plans.
  • Single sign‑on (SAML/OIDC) available for enterprise customers.

Application security

  • Secure SDLC with code reviews, automated tests and dependency scanning.
  • Static analysis and linting integrated into CI for early detection of issues.
  • Strict secrets handling; no hardcoded credentials; environment separation for dev/stage/prod.
  • Minimal third‑party access with contracts and DPAs where required.

Infrastructure and network

  • Hardened cloud infrastructure with network segmentation and firewalls.
  • Managed WAF/CDN and DDoS protections via our cloud providers.
  • Automated configuration management and immutable builds where feasible.
  • Backups with regular restore tests and documented retention schedules.

Monitoring and logging

  • Centralised logging of application and security events with alerting.
  • Anomaly detection and threshold‑based alerts for unusual behaviour.
  • Access reviews and periodic audits for privileged accounts.

Incident response

We maintain a documented incident response plan covering detection, triage, containment, eradication, recovery and post‑incident review. Where an incident materially impacts customers, we notify affected customers and, where required, relevant authorities.

Business continuity and disaster recovery

We operate with redundant infrastructure and regular backups. Recovery time and recovery point objectives are defined internally; specific SLAs are available on enterprise plans.

Penetration testing and vulnerability management

  • Regular third‑party penetration tests are scheduled at least annually and after major changes.
  • Findings are triaged by severity and tracked to remediation.
  • Critical security patches are prioritised with expedited rollout.

Compliance and data protection

We process personal data under UK GDPR and the Data Protection Act 2018. See our Privacy Policy for details. A Data Processing Addendum (DPA) is available upon request for customers acting as controllers. Regional hosting options are available for enterprise.

Subprocessors

We use carefully selected service providers to deliver the service (e.g., cloud hosting, CDN, email delivery, analytics and payments). We maintain a list of subprocessors and will provide it to customers upon request. All subprocessors are bound by appropriate data protection terms.

Responsible disclosure

We welcome reports from security researchers. Please report suspected vulnerabilities tosecurity@postdaba.com (or use the contact form). Provide enough detail to reproduce the issue and avoid accessing or modifying data that does not belong to you. We aim to acknowledge within two business days and to provide regular updates while we investigate.

Questions

For security questions, contact us at security@postdaba.com or via the Contact page.