Privacy & Data Policy.
Security & Data Protection
At TDP, we place the highest importance on securing your data. This page outlines our approach to data protection, covering the people, processes, and technologies we use to ensure your information stays safe and your operations run smoothly.
Key Areas of Focus
Our comprehensive security framework includes:
-
Corporate Security Policies
-
Physical Safeguards
-
User Access Controls
-
Information Protection
-
Network Defenses
-
Operational Controls
-
Incident Management
-
System Update Management
-
Third-Party Oversight
-
User-Level Security Tools
Corporate Security Policies
We enforce strong internal protocols for data privacy and system use. Each new employee agrees to confidentiality and is trained on our data protection measures, including EU data regulations. Security awareness is fostered through regular briefings and internal updates.
Device Hardening
Company-issued devices come pre-equipped with security tools including antivirus, encryption, and remote administration. Removable storage is disabled, and retired hardware is securely wiped or physically destroyed to ensure no data is recoverable.
Review and Audits
Periodic checks of our practices help ensure our internal procedures remain aligned with modern security standards.
Physical Safeguards
Controlled Access to Offices
Workspaces are protected with controlled access measures, including keycard systems and surveillance, to deter unauthorized entry.
Data Center Protections
Our cloud servers are hosted in world-class facilities that enforce strict physical security such as biometrics, guarded premises, and continuous monitoring.
Review and Audits
Periodic checks of our practices help ensure our internal procedures remain aligned with modern security standards.
User Access Controls
Two-Step Verification
All staff must authenticate using secure login credentials and multi-factor authentication. Access is streamlined and secured via Single Sign-On (SSO) when applicable.
Access Rights by Role
Permissions are assigned based on job duties, keeping access limited to only what is necessary.
Regular Permission Audits
Access is re-evaluated on a quarterly basis to ensure only active, relevant permissions remain in place.
Information Protection
Encryption Protocols
Data is protected using strong encryption during transmission (SSL/TLS) and while stored (AES-256), managed via our cloud provider's key systems.
Data Lifecycle Management
User data is retained only while necessary for services. After account closure, it is securely deleted within 90 days.
Customer Data Isolation
Every client's data is kept logically separate from others, ensuring privacy and exclusive access.
Secure Payment Handling
TDP never stores credit card information. Payment data is processed by integrated and certified third-party gateways.
Network and Infrastructure Defenses
Perimeter Security
Firewalls, DNS protection, and Web Application Firewalls help block external attacks and conceal our underlying systems.
Monitoring Application Activit
Our systems use intrusion monitoring to detect unusual behavior. Network ports are restricted and only approved IPs are allowed access.
Isolated Database Access
Sensitive data is stored in private environments, shielded behind strict access policies.
Operational Controls
Activity Logging
We maintain detailed audit trails for user actions, system access, and application events. These logs help us quickly trace issues or identify risks
Proactive Risk Scanning
We regularly scan for system weaknesses using trusted security tools, covering code, servers, and cloud assets.
Redundant Backups
Our data backup system runs in real time and at set intervals. Backup copies are encrypted and retained for two weeks.
Continuity Preparedness
Disaster recovery plans cover essential systems and include clear RPOs and RTOs. These are tested through scheduled simulations.
Incident Management
Our response plan outlines procedures for detecting, isolating, escalating, and resolving security events. Simulations and regular plan updates ensure readiness. Incidents are logged and reviewed to improve future responses. Users can report issues via our support contact form.
System Update and Change Control
Safe Development Practices
All development work is documented, tested, and approved before it goes live. Environments for development are separated from production.
Version Control Systems
TDP uses modern tools to manage code versions and automate secure deployments via CI/CD pipelines.
Third-Party Oversight
Vendor Evaluation Process
We assess vendors for their data handling, compliance, and incident readiness before partnering.
Controlled Third-Party Access
External partners access only what’s necessary under strict controls. All data shared is encrypted, monitored, and logged
Ongoing Oversight
We regularly review and audit external access and vendor compliance with our data protection requirements.
For any security-related inquiries or to report a concern, please reach out to our support team at: support@traveldesignplus.com