Security at DeCamino

Our commitment

Security and privacy are essential. We apply technical and organizational measures to protect information of our customers and visitors.

Technical measures

• TLS/HTTPS across all traffic (TLS 1.2+), HSTS enabled.
• At-rest encryption and secure secret management.
• Input validation, form rate-limiting, CSRF/XSS protections.
• Automated backups and periodic restore tests.
• Isolated environments: dev, test, production.
• Monitoring and access/error logging.

Organizational controls

• Least-privilege access; 2FA for internal accounts.
• GDPR compliance and DPAs with processors.
• Minimal retention aligned to declared purpose.

Incident response

We investigate quickly, contain impact, and notify affected parties. When required, we notify the authority within 72h.

Responsible disclosure

Report to security@decamino.es (or info@decamino.es) with steps and impact.

security.txt

We publish our contact at /.well-known/security.txt.

For personal data requests, use the GDPR page.