Back to home

Security and operations

Security and IT policies

Udhold builds websites, software, AI integrations and technical systems with practical security as part of the work. This page describes the principles we normally follow.

Last updated: July 5, 2026

Access

Secrets

Backup

MFA
Least privilege
GDPR consent
Environment separation
Recovery plan

Security by default

We consider access control, data minimization, logging, backup, updates and simple operational routines from the beginning, so a solution is not only finished visually but can also be used responsibly.

For client projects we generally recommend MFA for relevant accounts, least-privilege access, separated development and production environments, and clear ownership of domains, hosting, analytics and third-party services.

Project policy

For new projects we clarify which data the solution handles, who needs access, which integrations are used, and how the solution can be restored or moved.

Secrets, API keys and credentials should be stored in relevant environment variables or secure access systems. They should not live in client code, screenshots or shared documents.

GDPR and processor role

Udhold ApS may act as supplier or data processor depending on the task. If we process personal data on behalf of a client, a data processing agreement should be agreed.

We work from data minimization: collection and storage should be limited to what is necessary for the purpose. Analytics and marketing measurement should be activated after valid consent where relevant.

Cloud, integrations and third parties

Udhold can help assess cloud claims, encryption, access, backup, logs and integration risks. The previous Udhold profile focused on cybersecurity, and that experience is now used as a practical layer in software and web projects.

Third-party tools are selected based on need, cost, operations and risk. Clients should have access to their core accounts so solutions are not unnecessarily locked to one supplier.