DXBMARK
LEGAL DOCUMENTATIONVersion 1.0

Security Statement

Infrastructure safety, API encryptions, server protections, and data backup security reviews.

Effective Date: June 01, 2026|Last Updated: June 01, 2026|Version: 1.0|Reading Time: 7 min read

1. Purpose

This Security Statement describes DXBMARK's general technical and organizational security measures for SaaS products, custom software, WordPress projects, web applications, hosting coordination, infrastructure support, development workflows, backups, credentials, repositories, freelancers, support operations, and AI-related data handling.

Security measures may vary depending on the service, project scope, customer environment, package, written agreement, infrastructure provider, and customer responsibilities.

2. Certification Notice

DXBMARK does not claim to be ISO certified, SOC 2 certified, PCI certified, GDPR certified, HIPAA certified, or certified under any other security or compliance framework unless such certification is expressly published by DXBMARK or provided in writing by an authorized DXBMARK representative.

DXBMARK may use third-party providers that publish their own security certifications, audit reports, or compliance materials. Use of such providers does not mean DXBMARK itself holds those certifications.

3. Transport Security

DXBMARK uses SSL/TLS encryption for websites, applications, portals, APIs, dashboards, payment pages, and service interfaces where DXBMARK controls or manages the deployment and where technically supported.

Where third-party platforms are used, SSL/TLS availability and enforcement may depend on the provider, domain configuration, customer account settings, and infrastructure design.

4. DNS, CDN, and Web Security

DXBMARK may use Cloudflare for DNS, CDN, web security, DDoS mitigation, bot protection, traffic filtering, caching, rate limiting, and performance optimization where enabled.

Cloudflare or similar providers may process IP addresses, request logs, security events, device/browser metadata, and traffic data as required to provide security and performance services.

5. Account Security

DXBMARK uses or may use account security measures such as:

  • Two-factor authentication (2FA)
  • Passkeys where supported
  • Backup codes
  • Strong passwords
  • Account recovery controls
  • Role-based access controls
  • Separate user accounts where practical
  • Least-privilege access where practical

Customers are responsible for securing their own accounts, administrators, devices, email inboxes, domain registrar accounts, hosting accounts, payment accounts, and third-party platforms.

6. Credential Management

DXBMARK uses a Bitwarden self-hosted vault for credential storage and management where applicable.

DXBMARK prefers temporary, role-based, limited, or delegated access instead of shared super-admin credentials where practical.

Direct super-admin credentials should be provided only when necessary, customer-authorized, and required for the agreed service. Customers should avoid sending credentials through insecure channels and should revoke or rotate credentials when access is no longer needed.

7. Access Controls

DXBMARK applies access controls based on service need, role, project scope, and operational necessity.

Access to customer systems, repositories, dashboards, hosting accounts, support tools, and infrastructure should be limited to authorized personnel and contractors who need access for the agreed service.

DXBMARK may use private repositories, restricted workspaces, project-specific permissions, deployment access controls, credential management, and customer-approved access paths to protect customer systems and DXBMARK technical materials.

8. Development and Testing Environments

DXBMARK may use local, Docker, Proxmox, sandbox, staging, test, demo, and development environments to build, test, debug, demonstrate, or validate services.

Where practical, production data should not be used in development or demo environments unless necessary for the agreed service, authorized by the customer, and handled under appropriate safeguards.

Customers should avoid providing sensitive personal data, special category data, full payment card data, government ID data, health data, children's data, or other high-risk data unless strictly necessary and agreed in writing.

9. Source Code and Repositories

DXBMARK may use GitHub private repositories for source code, version control, issue tracking, code review, CI/CD workflows, deployment records, and project collaboration.

Customer access to source code, repositories, deployment credentials, administrative access, and technical handover materials is governed by the applicable written agreement, Terms of Service, Delivery and Fulfillment Policy, and payment status.

DXBMARK may protect source code and technical materials through private repositories, access controls, code review controls, license terms, confidentiality obligations, and credential management.

10. Freelancers and Contractors

DXBMARK may use freelancers, contractors, or specialist service providers for development, support, design implementation, testing, infrastructure, or related services.

Freelancer and contractor access is limited where practical to the project, task, repository, environment, or system needed for the assigned work. Contractors may be subject to confidentiality obligations, access restrictions, and project-specific instructions.

DXBMARK may restrict access to sensitive credentials, production data, customer confidential information, or administrative systems unless access is necessary for the service and authorized.

11. Backups and Recovery

Backup availability, backup frequency, retention period, restoration time, restoration cost, and recovery scope depend on the applicable package, hosting environment, service plan, written agreement, customer account settings, and third-party infrastructure provider.

DXBMARK does not guarantee 100% recovery of data. Recovery may not be possible where data has been intentionally deleted, maliciously altered, corrupted, overwritten, destroyed, removed outside the available backup retention window, or affected by a third-party provider failure outside DXBMARK's control.

Restoration is generally limited to the latest available valid backup or the backup period stated in the applicable agreement.

12. WordPress and Website Maintenance

WordPress updates, plugin updates, theme updates, CMS updates, content changes, malware cleanup, security hardening, backups, monitoring, uptime checks, and ongoing maintenance are included only where stated in the applicable maintenance package, hosting plan, SLA, proposal, invoice, or written agreement.

DXBMARK is not responsible for WordPress, plugin, theme, hosting, DNS, domain, email, or third-party platform issues outside the agreed scope.

13. Monitoring and Logging

DXBMARK may use monitoring, logging, error tracking, security alerts, hosting dashboards, server logs, application logs, access logs, audit logs, and third-party provider alerts where applicable.

The availability and retention of logs depend on the service, hosting provider, customer environment, package, written agreement, and technical configuration.

Logs may be used for security, debugging, support, fraud prevention, performance monitoring, incident response, service improvement, and compliance.

14. AI-Related Data Handling

DXBMARK may use automation or AI-assisted tools to support internal workflows, technical delivery, documentation, support preparation, debugging, content generation, data analysis, customer service, and service improvement.

DXBMARK does not intentionally train public AI models on customer personal data, payment data, confidential project data, production data, or customer-owned business data by default.

Customer personal data or confidential project materials should not be processed through AI-assisted tools unless necessary for the agreed service, authorized by the customer, and handled according to the applicable agreement, Privacy Policy, Data Processing Agreement, and documented consent or approval process.

AI-assisted responses may be informational and may require human review. AI-assisted tools are not a substitute for legal, financial, tax, security, or professional advice.

15. Incident Response

If DXBMARK becomes aware of a security incident affecting systems or data under DXBMARK's responsibility, DXBMARK will take reasonable steps to:

  • Assess the incident
  • Contain the issue where possible
  • Preserve relevant logs or evidence where practical
  • Investigate the cause and impact
  • Notify affected customers where required by law or agreement
  • Coordinate with relevant third-party providers where applicable
  • Apply remediation steps where commercially and technically reasonable

Notification timing and content may depend on legal obligations, data protection requirements, customer role, provider involvement, incident severity, and available information.

16. Customer Responsibilities

Customers are responsible for:

  • Providing accurate project and technical information
  • Maintaining their own lawful basis for data processing
  • Securing their own accounts, devices, email, domains, hosting, and third-party platforms
  • Granting least-privilege access where practical
  • Revoking access when no longer needed
  • Maintaining valid payment and renewal status for customer-owned providers
  • Backing up customer-owned systems unless DXBMARK expressly manages backups in writing
  • Not submitting sensitive data unless necessary and authorized
  • Reviewing provider terms, privacy notices, and security settings for customer-owned platforms
  • Promptly reporting suspected security issues to DXBMARK

17. Relationship to Other Policies

This Security Statement should be read with:

  • Privacy Policy
  • Data Processing Agreement Annex C
  • Terms of Service
  • SLA / Support Policy
  • Delivery and Fulfillment Policy
  • Acceptable Use Policy
  • AI-related wording in the Privacy Policy
  • Any applicable written proposal, invoice, statement of work, service plan, or agreement

18. Updates to This Statement

DXBMARK may update this Security Statement as services, infrastructure, providers, security practices, legal requirements, or business operations change.

Material updates will be published with an updated "Last Updated" date.

19. Contact Information

For security-related questions or to report a suspected security issue:

Security / Support: support@dxbmark.com Legal enquiries: legal@dxbmark.com Privacy enquiries: privacy@dxbmark.com Website: https://www.dxbmark.com

End of Security Statement