Security

1. Security approach

Gatula Labs designs, builds and maintains digital systems with a security-first mindset. We aim to reduce avoidable risk through good configuration, limited access, secure credentials, careful deployment practices and ongoing technical awareness.

Security is a shared responsibility between Gatula Labs, the Client, hosting providers, email providers, payment providers, software vendors and other third-party services involved in a project.

2. Measures we may use

Depending on the project scope and maintenance plan, security measures may include:

• HTTPS / SSL configuration;
• secure server and reverse proxy configuration;
• firewall and access restriction recommendations;
• secure environment variables and credential handling;
• limited access to production systems;
• software updates and dependency reviews;
• basic input validation and anti-spam measures;
• backup recommendations or implementation;
• logging, monitoring and incident investigation where included;
• DNS, SPF, DKIM and DMARC recommendations for email reliability and anti-spoofing.

3. Client responsibilities

The Client is responsible for:

• using strong, unique passwords and multi-factor authentication where available;
• keeping domain, hosting, email and third-party accounts secure;
• not sharing credentials in unsafe channels;
• not installing unapproved plugins, scripts or third-party code into maintained systems;
• not modifying production systems without understanding the risk;
• promptly informing Gatula Labs about suspicious activity, unauthorised access or security incidents;
• maintaining valid licences and paid subscriptions for required third-party tools.

4. Responsible disclosure

If you discover a vulnerability or security issue involving Gatula Labs or a system maintained by us, please report it to [email protected].

Please include enough detail for us to understand and reproduce the issue. Do not exploit the issue, access or modify data that is not yours, interrupt services, publicly disclose the issue before we have had a reasonable chance to investigate, or perform destructive testing.

5. Limitations

No website, server, software, email system or online service can be guaranteed to be completely secure or permanently available. Gatula Labs does not guarantee protection against every possible attack, vulnerability, misconfiguration, third-party failure or user error.

Advanced security monitoring, penetration testing, incident response, malware removal, disaster recovery and compliance audits are separate services unless explicitly included in a written agreement or active maintenance plan.

6. Contact

• Email: [email protected]
• Phone: +354 767 7158
• Office: Bíldshöfði 16, 110 Reykjavík, Iceland