Permissions management

There are certain areas within the Duda platform that handle more sensitive data, and it’s important to be aware of how to manage access and security for these sections. Below are some of the key areas to consider:
Contact form submissions
The contact form submission area may contain personally identifiable information (PII) such as email addresses, physical addresses, names, phone numbers, and other details submitted via contact forms. Duda cannot restrict access to these submissions, so it is critical to ensure that only authorized users have access to this information.
eCommerce
Both Duda’s Native eCommerce and Third Party Store solutions handle customer orders, which can include sensitive data like payment details and customer addresses. While Duda doesn't collect an extensive amount of sensitive information, it's still important to handle this area with care and ensure secure access for those who need it.
Billing setup
The Payment tab in the billing setup area is only accessible to the account owner. This area contains sensitive billing information and should be protected to prevent unauthorized access.
Members-Only Pages
Pages restricted to members only may contain sensitive data that requires secure handling. These pages are intended for authorized users only, and any data they contain should be treated with the utmost care.
For these areas of the platform, ensure that only your employees who need to view or manage this data have access.
Security for third-party integrations, Apps, & custom code
There are several ways to extend a website's capabilities beyond what Duda offers natively. These areas require special attention to ensure secure use. Let's review each one:
Third-party integrations
Duda offers the ability to integrate with third-party solutions. For instance, data collected via contact forms can be shared with Google Sheets or used in Zapier routines. However, it is the user’s responsibility to manage these integrations securely and ensure that any data shared with third parties is handled properly.
Apps in Duda’s App Store
Many apps available in Duda’s App Store may also collect sensitive data. For example, Paperform can collect sensitive information. While Duda manages security for the platform itself, be aware of how these third-party apps handle data and ensure your team and your clients are using them securely.
Use of Custom Code and Code Snippets
Duda also allows users to add custom code to websites. Custom code is great for extending the capabilities of your sites, but can introduce security risks, especially if someone is unfamiliar with the code they are adding to a site.
Make sure that any code added is secure, and that it does not expose the platform to vulnerabilities. Always review and test custom code thoroughly before deploying it.
Bottom line
Be aware that part of your security responsibility is to:
- manage access to sensitive areas of the platform
- take extra care with third-party integrations to ensure that they are properly secured
- manage custom code carefully and always prioritize security when adding or editing code on the platform
By following these best practices, you can help protect sensitive information and maintain a secure Duda environment.
Next up: we're going to run through some of the features within Duda's platform that we recommend using to enhance security beyond access controls.