What if CertNudge ever suffers a data breach?
Security, Privacy & Data Protection
In the event of a data breach, CertNudge will act swiftly, transparently, and in full compliance with GDPR and ICO reporting requirements.
Our Immediate Response Plan
- ICO Notification: We will notify the UK Information Commissioner’s Office within 72 hours of confirming the breach
- User Notification: All affected users will be informed directly via email with details on what happened and what steps to take
- Mandatory Password Reset: All user accounts will be forcibly logged out and required to set a new password at next login
Full Transparency: Root-Cause Report
After the incident is resolved, we’ll publish a non-technical root-cause report summarising what occurred, how it was contained, and what improvements we’ve implemented to prevent future incidents. We believe in complete transparency and user trust.
How We Reduce the Risk in the First Place
- Encryption at rest and in transit: All data is encrypted with TLS while in transit and with AES-256 while at rest
- Isolated access controls: Admin access is role-restricted and fully audited
- Security patches: We keep all dependencies and hosting environments up to date
- 2FA support: Available to all users for additional login protection
Want to check your current account security?
Visit Profile → Two-Factor Auth to enable 2FA, or Profile → Personal Data to export or delete your data anytime.