Security

Infrastructure

DMI runs on enterprise-grade cloud infrastructure with redundant availability zones. All data is stored within the UK/EEA. We maintain automated backups with point-in-time recovery.

Encryption

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Authentication credentials (verification codes) are stored as SHA-256 hashes — we never store plaintext credentials.

Authentication

DMI uses passwordless, OTP-based authentication. A time-limited 6-digit code is sent to your registered email for every sign-in. Codes expire after 15 minutes and are invalidated after three failed attempts.

Access control

Role-based access control (RBAC) restricts what each team member can view and change within a workspace. Admin operations — including member management and financial settings — require elevated permissions.

Personal data (such as private email inboxes) is inaccessible even to workspace administrators.

Penetration testing

We conduct regular internal security reviews and will engage independent penetration testers annually. Results and remediation timelines are reviewed by our engineering leadership.

Vulnerability disclosure

If you discover a potential security issue, please email security@dmi.marketing. We aim to acknowledge reports within 48 hours and provide a remediation timeline within 10 working days. We do not pursue legal action against good-faith reporters.

Incident response

In the event of a data breach affecting personal data, we will notify affected customers and the ICO within 72 hours where required under UK GDPR.