How we protect your data, code, and digital assets. Security is not an afterthought — it is built into our process from day one.
Last updated: May 2025
Security is foundational to everything we build. At Dimensity Labs, we apply industry best practices to protect our clients' data, intellectual property, and the products we develop on their behalf.
We maintain a security-first mindset across our entire organization, from infrastructure and code to communication and access management.
All client projects are hosted on enterprise-grade cloud infrastructure providers (AWS, Vercel, Google Cloud) that maintain SOC 2 Type II, ISO 27001, and other relevant certifications.
We enforce encryption at rest and in transit for all data. All web traffic is served exclusively over HTTPS with TLS 1.2 or higher.
Production environments are isolated from development and staging environments. Access is restricted on a least-privilege basis.
We follow secure coding practices aligned with the OWASP Top 10 guidelines. Code reviews are mandatory for all changes before they reach production.
Dependencies are continuously monitored for known vulnerabilities using automated scanning tools. Critical patches are applied within 24 hours of disclosure.
We implement Content Security Policy (CSP) headers, CORS restrictions, and other HTTP security headers on all web applications we build.
All team members use multi-factor authentication (MFA) for accessing development tools, cloud infrastructure, and client systems.
Access to client repositories, servers, and sensitive data is granted on a need-to-know basis and is revoked promptly upon project completion or team changes.
We use SSH keys and token-based authentication for all programmatic access. Passwords are never stored in code or configuration files.
Client data is handled with strict confidentiality. We do not access, use, or share client data beyond what is necessary to deliver the contracted services.
All project source code is stored in private repositories with audit logging enabled. We maintain encrypted backups with defined retention policies.
Upon project completion or contract termination, client data can be securely deleted or transferred per the client's instructions.
We maintain a documented incident response plan. In the unlikely event of a security incident, affected clients will be notified within 48 hours with details of the incident, its impact, and the remediation steps being taken.
Post-incident reviews are conducted to identify root causes and implement preventive measures.
All Dimensity Labs team members undergo security awareness training. Contractors and collaborators are bound by non-disclosure agreements (NDAs) before accessing any client information.
We conduct periodic internal security reviews and update our practices as threats evolve.
If you discover a security vulnerability on our website or in any product we maintain, we encourage responsible disclosure. Please report it to security@dimensitylabs.dev. We will acknowledge receipt within 24 hours and provide an initial assessment within 72 hours.
We do not pursue legal action against researchers who report vulnerabilities responsibly and in good faith.
If you have any questions about this policy, please contact us at legal@dimensitylabs.dev.