
Duda’s site-level privacy & consent features

Up to this point, we've talked through the importance of controlling access to sensitive information as well as what Duda is doing behind the scenes to support security for you and your customers.


Now we're going to talk about some of the features Duda offers at the site-level that you should engage with to ensure optimal security for you and your clients.

Privacy & consent tools

Although privacy is not necessarily classified as a direct security measure, it plays a crucial role in creating a safe and enjoyable online experience. Not to mention, ensuring that your websites are compliant with privacy regulations contributes to the overall trustworthiness and usability of your sites.


Let's start with the basics.

What are privacy tools?

Website privacy tools are solutions that help site owners protect user data, comply with privacy laws, and build trust with their audience. These tools assist in managing cookies, securing personal information, and ensuring that websites follow regulations like GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and other global privacy standards.

Common types:

Consent Management Platforms (CMPs)

A Consent Management Platform (CMP) is a tool that helps website owners obtain and manage user consent for the collection and processing of personal data. These tools can have a wide range of capabilities, but they often include:

  • Tracking and cookie consent

    These tools help websites obtain user consent before tracking cookies or collecting personal data.

  • Generate privacy policies

    Automatically generate privacy policies tailored to legal requirements based on the site's data collection practices.

  • Create opt-out mechanisms

    Implement mechanisms that respect user preferences for not being tracked online, or allow users to request, download, or delete their personal data to comply with laws like GDPR.


Duda offers several Consent Management apps within the Duda App Store to help you manage consent and ensure compliance with privacy regulations. These apps assist with tasks such as:

  • Asking users for consent before collecting cookies
  • Providing clear explanations about what personal data is being collected
  • Enabling users to manage their data preferences

Although there aren't 'official' guidelines on when a site requires the use of a CMP tool, it’s important to choose a privacy tool that aligns with the legal requirements in your region—especially if your websites handle sensitive user data.

Privacy pages

Duda also provides a feature within the editor that allows you to add a privacy page to your website.

Be advised that a privacy page alone may not fully address privacy compliance requirements (depending on your website's audience, geographic location, or data processing practices).

SSL encryption

SSL (Secure Sockets Layer) is a security protocol that protects user data from unauthorized access by encrypting it between a server and a client (i.e., between the website and the user’s browser).


Duda offers SSL certificates free of charge for all websites built with Duda.

Important

While SSL is enabled by default for Duda sites, it is still the site owner's responsibility to verify that the SSL certificate is active and that the website is accessible via HTTPS (the secure version of HTTP).


If SSL is removed or expired, your website will not be secure, and visitors may be warned by their browsers about potential security risks. It is highly recommended to keep SSL enabled at all times.
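One way to run the verification described above across a list of sites, as an added example (not Duda tooling or code from this course). The function names and the 21-day warning threshold are assumptions; a certificate that is expired, self-signed or issued for another host fails the verified handshake and is reported as "invalid".

```python
import http.client, socket, ssl, sys, time

WARN_DAYS = 21  # assumed renewal-warning threshold, not a Duda setting
SAMPLE_NOT_AFTER = "Jun  1 12:00:00 2030 GMT"  # constructed sample value

def days_until_expiry(not_after, now=None):
    """Whole days left before the certificate's notAfter timestamp."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def classify(days_left, warn_days=WARN_DAYS):
    if days_left < 0:
        return "expired"
    return "renew-soon" if days_left < warn_days else "ok"

def fetch_not_after(host, timeout=10):
    """Handshake with full chain and hostname verification; return notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def redirects_to_https(host, timeout=10):
    """True if plain HTTP answers with a redirect to an https:// URL."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        location = resp.getheader("Location") or ""
        return 300 <= resp.status < 400 and location.lower().startswith("https://")
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def check_site(host):
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as exc:
        return {"host": host, "tls": "invalid", "detail": exc.verify_message}
    except OSError as exc:
        return {"host": host, "tls": "unreachable", "detail": str(exc)}
    days = days_until_expiry(not_after)
    return {"host": host, "tls": classify(days), "days_left": days,
            "https_redirect": redirects_to_https(host)}

if __name__ == "__main__":
    for name in sys.argv[1:]:  # pass your own site hostnames
        print(check_site(name))
```

Run it on a schedule with your clients' hostnames as arguments and follow up on any result that is not "ok" with "https_redirect" set to True.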

Bottom line

Duda provides tools and connections to 3rd party apps to help protect privacy and manage consent. However, the responsibility lies with the site's owner to make sure these tools are implemented and used correctly. You, as their trusted resource, will likely get involved in these conversations as well.

Security actions to take away from this section:


  • When considering whether more advanced privacy and consent management tools might be needed, think about whether or not your site is collecting or using personal data. If it does, consider implementing Consent Management Platforms (CMP) from Duda’s app store or third-party providers to comply with regulations like GDPR and CCPA.

  • Take extra care with third-party integrations to ensure that they are properly secured.


  • Ensure SSL is active and your sites are served via HTTPS. Duda provides SSL for free, but it’s your responsibility to maintain it.

Whew! We've covered a lot. Thinking back to our layers of security diagram, recall that we started out discussing the security measures Duda handles, briefly discussed app partners, then ran through security-related actions you can take including managing permissions/access at the account level, and SSL and privacy settings at the site level.


The final lesson will cover basic security recommendations that everyone should follow: your clients, your team, and yourself.