Security Statement & Data Handling
1. Overview
Sitethreesixty takes the security of your data seriously. This document outlines our security practices, infrastructure, and data handling procedures. We use industry-leading providers and implement multiple layers of protection to safeguard your information.
2. Infrastructure Security
2.1 Cloudflare
All websites and services are deployed on Cloudflare's global network, providing:
- DDoS Protection: Automatic mitigation of attacks
- Web Application Firewall (WAF): Protection against common vulnerabilities
- SSL/TLS Encryption: All traffic encrypted using TLS 1.3
- Global CDN: Content delivered from 300+ data centres
2.2 GitHub
Source code and version control are managed through GitHub, which provides:
- Encrypted Repositories: All data encrypted at rest using AES-256
- Access Controls: Role-based permissions and two-factor authentication
- SOC 2 Type II Certified: Independent security verification
2.3 Email Services
- Maileroo: Transactional emails, GDPR compliant with TLS encryption
- Google Workspace: Enterprise email, SOC 2/3 certified
- Microsoft 365: Enterprise email, ISO 27001 and SOC 2 certified
3. 360Dash Client Portal
This portal provides secure access to your account:
- Secure login with encrypted credentials
- Session management with automatic timeout
- HTTPS-only access (HSTS enabled)
- Protection against brute-force attacks
- Clients can only access their own data
4. Data Storage & Backup
- Cloudflare R2: Object storage with automatic replication
- GitHub: Version-controlled storage with complete history
- Apple iCloud: Additional encrypted backup layer
- Daily Backups: Automated daily backups of all client data
- 30-Day Retention: Backups retained for a minimum of 30 days
5. Encryption Standards
- In Transit: TLS 1.3 for all network communications
- At Rest: AES-256 encryption for stored data
- Backups: Encrypted backup files with secure key management
6. Third-Party Security
Infrastructure Providers
- Cloudflare: SOC 2 Type II, ISO 27001, PCI DSS Level 1
- GitHub: SOC 2 Type II, ISO 27001, FedRAMP
- Apple: SOC 2 Type II, ISO 27001, ISO 27018
Email Service Providers
- Maileroo: GDPR compliant, TLS encryption
- Google Workspace: SOC 2/3, ISO 27001, FedRAMP
- Microsoft 365: SOC 2, ISO 27001, HIPAA, FedRAMP
Payment Processing
- Stripe: PCI DSS Level 1, SOC 2, ISO 27001. We never store your card details.
7. Your Rights
Under GDPR and UK data protection law, you have the right to:
- Request access to your data
- Request correction or deletion
- Request a copy of your data in a portable format
- Object to processing of your data
To exercise these rights, contact us at admin@sitethreesixty.com.
8. Contact
For security concerns or questions:
Email: admin@sitethreesixty.com