Cybersecurity Policy

This Cybersecurity Policy summarizes the principles and controls bluedoor uses to manage cybersecurity risk across its systems, infrastructure, software, and operational processes.

Our objective is to maintain a security program that is appropriate to the nature of our services, the sensitivity of information we handle, and the evolving threat environment.

bluedoor maintains internal processes for identifying, evaluating, prioritizing, and addressing cybersecurity risks. Security responsibilities are assigned across technical and operational functions, and security considerations are incorporated into ongoing product, infrastructure, and vendor decisions.

We periodically review policies, controls, and procedures to assess whether they remain appropriate for our current systems, business activities, and risk profile.

Access to systems and information is limited to authorized personnel, service accounts, and vendors with a legitimate business need. Access is managed using role-based principles where appropriate and is subject to review, modification, or revocation as circumstances change.

We seek to reduce unauthorized access risk through credential management practices, least-privilege controls, and authentication measures appropriate to the systems in use.

We use a combination of technical, administrative, and operational safeguards intended to protect systems and information from unauthorized access, misuse, disruption, or loss. These measures may include encryption, environment separation, logging, monitoring, patching, vulnerability management, backups, and change-management procedures, as appropriate.

Security controls are designed to evolve as our systems, vendors, and risk environment change over time.

We maintain processes intended to detect, investigate, and respond to suspected security events in a timely manner. Where appropriate, this may include alerting, containment, remediation, recovery actions, post-incident review, and communication with affected stakeholders.

If we determine that a security incident requires notification under applicable law or contractual obligation, we will provide such notice in accordance with those requirements.

bluedoor relies on third-party infrastructure, software, payment, analytics, and data providers. We consider cybersecurity and data protection factors when selecting and managing material service providers, although we cannot control every aspect of a third party's environment.

Third-party dependencies remain subject to their own operational and security practices, and use of such providers does not eliminate residual risk.

Users play an important role in protecting their own accounts and devices. You are responsible for maintaining secure credentials, controlling access to your local environment, installing updates, and promptly reporting suspected unauthorized activity involving your account.

This Cybersecurity Policy may be updated from time to time to reflect changes in our systems, operations, vendors, legal obligations, or security practices. The current version will be indicated by the "Last updated" date above.

Security-related questions or vulnerability reports may be directed to security@bluedoor.sh.