Security

How We Keep Your Site & Data Secure

Security isn't a feature we add at the end — it's part of how we operate. Here's exactly what we do to protect your website, your data, and your infrastructure.

Infrastructure Security

Encryption in Transit & At Rest

All connections to hosted sites use TLS 1.2/1.3. Database backups are encrypted with AES-256. SSL certificates are issued by Let's Encrypt and auto-renewed — expiration is never a surprise.

Infrastructure Isolation

Each client environment runs in its own Docker container with resource limits and network isolation. One compromised site cannot access another client's data or resources.

Monitoring & Alerting

Our infrastructure runs Prometheus + Grafana for metrics and Uptime Kuma for availability monitoring. Anomalous activity triggers alerts to our team before it becomes an incident.

Access Control

SSH access is key-only (no passwords). All admin interfaces are behind strong authentication. We follow the principle of least privilege — every person and service gets only the access they need.

Vulnerability Management

Operating system packages receive automatic security updates. Docker base images are rebuilt monthly to include upstream security patches. We monitor CVE feeds for our software stack.

DDoS & WAF Protection

Client sites are behind Cloudflare for DDoS mitigation, bot protection, and rate limiting. The Web Application Firewall is configured with OWASP rulesets appropriate for each site type.

How We Handle Your Data

  • We collect only the data necessary to provide the service you're paying for.
  • Client site data is stored exclusively on infrastructure we control — no third-party subprocessors store your site data.
  • Backups are retained for 30 days by default. Extended retention is available.
  • We do not sell, share, or analyze client data for advertising purposes.
  • On contract termination, we provide a complete data export and delete all data within 30 days.
  • Staff with infrastructure access have passed background checks and are subject to confidentiality agreements.

Incident Response

When a security incident occurs — whether it affects our infrastructure or a client's site — we follow a defined response process: contain, assess, remediate, notify, and document. We don't hide incidents or minimize their scope.

For incidents that affect client data, we notify affected clients within 24 hours of becoming aware. We provide a clear description of what happened, what data was affected, what we've done to remediate, and what steps clients should take.

Our incident response capability includes: automated backup restoration tested quarterly, off-site backup copies in a separate provider for disaster recovery, documented runbooks for common incident types, and on-call availability for production-down situations.

Found a Security Issue?

If you've discovered a potential security vulnerability in our infrastructure or client sites, please let us know responsibly. We take all reports seriously and will respond promptly.

Report a Vulnerability

We do not pursue legal action against good-faith security researchers.