Security

Practical security for websites and booking systems.

No online system can be guaranteed risk-free, but Yorkshire Digital uses practical controls to reduce risk around hosting, access, backups, support and supplier use.

Data Processing Terms Subprocessors

Controls

Security controls used in the service.

HTTPS and SSL

Managed websites are served over HTTPS with SSL where supported by the hosting and domain setup.

Managed hosting

Websites are hosted using established hosting infrastructure rather than being left on unmanaged shared hosting.

Access control

CRM and admin access should be limited to people who need it. Demo accounts are separated from real customer data where used.

Backups and recovery

Hosting and database providers may maintain backup and recovery systems. Backup behaviour can vary by provider and service level.

Updates and maintenance

Managed packages include routine maintenance, system updates, bug fixes and health checks within the package scope.

Payment security

Card payments are handled through Stripe-hosted payment workflows where possible, reducing direct handling of card details.

Access

Supplier and support access.

Support access

Yorkshire Digital may access client websites, CRM accounts, database records or deployment settings when needed for setup, support, troubleshooting, maintenance or agreed changes.

Least practical access

Access should be limited to what is needed for the task. Clients should remove old staff accounts and avoid sharing passwords between users.

Third-party providers

Hosting, database, email and payment providers may also process data as part of their infrastructure. See Subprocessors and Storage.

Client responsibilities

Security is shared.

Use strong, unique passwords and multi-factor authentication where available.
Keep staff access up to date and remove users who no longer need access.
Do not collect sensitive personal data unless it is genuinely needed and properly assessed.
Report suspected account compromise or unusual CRM activity quickly.

Incidents

Security incidents and data breaches.

If Yorkshire Digital becomes aware of a security issue that may affect personal data or service availability, it will take practical steps to investigate, contain the issue, reduce harm and notify affected clients where appropriate. Clients may have their own duties to assess whether individuals or the ICO need to be notified.

What to report

Lost access, suspicious emails, unusual CRM records, unexpected password resets, payment concerns or suspected unauthorised access.

How to report

Email connor01kelly@gmail.com with as much detail as possible, including dates, screenshots and affected account names where safe to share.

What happens next

The issue will be reviewed, relevant providers may be checked, and practical containment steps will be taken based on the risk and available information.