Draft website policy — review before launch
Security
This page explains the intended security approach for the Cited.ie website and form handling.
Form Handling
Production form submissions are processed through a server-side endpoint, not written directly from the
browser to the database.
Data Access
Access to lead and client data is limited to authorised Cited.ie operators, with multi-factor
authentication where supported.
Spam And Abuse Protection
Before production launch, forms are to have server-side validation, a honeypot field, CSRF protection,
and rate limiting in place.
Minimal Email Notifications
Email notifications avoid sending full personal data where possible. A safer pattern is to notify the
team that a lead exists and have them review the details inside a secure admin area.
Incident Response
A production version should document how security issues are logged, reviewed, and escalated.