Security

Last updated: November 18, 2025

Our Commitment to Security

At Gondor, security is our top priority. We implement industry-leading security measures to protect your data and ensure the integrity of our services. This page outlines our security practices and commitments.

Data Encryption

We use encryption to protect your data at every stage:

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • At Rest: All stored data is encrypted using AES-256 encryption
  • End-to-End: Sensitive operations use end-to-end encryption

Infrastructure Security

  • Hosted on secure, SOC 2-compliant cloud infrastructure (GCP)
  • Regular security audits and penetration testing
  • Automated vulnerability scanning and patching
  • DDoS protection and rate limiting
  • Network isolation and firewall protection
  • 24/7 security monitoring and incident response

Access Controls

  • Multi-factor authentication (MFA) available for all accounts
  • Role-based access control (RBAC) for team accounts
  • Principle of least privilege for internal access
  • Regular access reviews and audits
  • Secure password requirements and hashing (bcrypt)
  • Session management and automatic timeout

Compliance & Certifications

We maintain compliance with industry standards:

  • SOC 2 Type II compliance (for Enterprise plans)
  • GDPR-compliant data handling
  • CCPA compliance for California residents
  • Regular third-party security assessments
  • ISO 27001 certification (in progress)

Incident Response

We have a comprehensive incident response plan:

  • 24/7 security monitoring and alerting
  • Dedicated incident response team
  • Defined escalation procedures
  • Transparent communication with affected users
  • Post-incident analysis and improvements
  • Regular incident response drills

Data Privacy

  • We never sell your data to third parties
  • Minimal data collection: only what's necessary
  • Data retention policies and automatic deletion
  • Right to access, export, and delete your data
  • Anonymous usage analytics (opt-out available)
  • Transparent privacy policy and practices

Employee Security

  • Background checks for all employees
  • Regular security training and awareness programs
  • Strict confidentiality agreements
  • Limited access to production systems
  • Secure development practices and code reviews

Third-Party Security

We carefully vet all third-party services:

  • Security assessments of all vendors
  • Data processing agreements (DPAs) in place
  • Regular vendor security reviews
  • Minimal data sharing with third parties

Reporting Security Issues

If you discover a security vulnerability, please report it to us immediately. We appreciate responsible disclosure and will work with you to address any issues.

Contact our security team at: security@thegondor.com

Please include detailed information about the vulnerability and steps to reproduce it. We aim to respond to all security reports within 24 hours.

Security Best Practices for Users

  • Enable multi-factor authentication (MFA) on your account
  • Use a strong, unique password
  • Keep your software and dependencies up to date
  • Review your account activity regularly
  • Be cautious of phishing attempts
  • Don't share your credentials with anyone
  • Report suspicious activity immediately