Draft website policy — review before launch

Security

This page explains the intended security approach for the Cited.ie website and form handling.

Form Handling

Production form submissions are processed through a server-side endpoint, not written directly from the browser to the database.

Data Access

Access to lead and client data is limited to authorised Cited.ie operators, with multi-factor authentication where supported.

Spam And Abuse Protection

Forms will have server-side validation, a honeypot field, CSRF protection, and rate limiting in place before production launch.

Minimal Email Notifications

Email notifications avoid sending full personal data where possible. A safer pattern is to notify the team that a lead exists and have them review the details inside a secure admin area.

Incident Response

A production version should document how security issues are logged, reviewed, and escalated.