ISO 27001

GDPR Ready

99.5% uptime

Build secure, reliable websites every time

Every website built using Duda is backed by enterprise-grade security and industry-leading reliability, so you can worry less about your infrastructure and focus more on delivering great websites.

A screenshot of a smart homes website with a door handle

Secure from the start

A pair of blue squares with diagonal lines on them on a white background.

Rock-solid infrastructure

Build sites that can weather any storm with 99.5% uptime, advanced cybersecurity practices, and automatic backups.

Secure development

With Duda, security starts at development. Code is written in a way that minimizes risk and is then repeatedly tested for vulnerabilities.

A blue square with arrows pointing in opposite directions on a white background.

Protected data

Your data, and your customers’ data, is carefully protected by industry standards like ISO 27001 and engineering safeguards.

A blue shield icon on a white background.

Websites built using Duda boast advanced cybersecurity practices, automatic data protections, and ultra-reliable hosting—all of which come together to form a strong foundation.

Rock-solid infrastructure

The entire Duda platform, from individual websites to the editor itself, is hosted on Amazon’s dependable AWS platform to provide the reliability your clients expect. See it for yourself.

99.5% site uptime

Duda websites come with automated DDoS mitigation, SSL certificates, data encryption, and strict access controls out of the box to squash attacks from bad actors—all without you needing to even lift a finger. 

Advanced cyber security

Your data, and your customer’s data, is physically dispersed across multiple cloud-computing zones and automatically backed up to reduce risk while ensuring integrity and easy recovery.

Worry-free data storage


At Duda, a high degree of security and reliability is woven throughout the platform—starting with the very first line of code and continuing throughout the life of the product.


Secure software development

We incorporate industry-leading security practices throughout the entire development process via rigorous information governance and best practice organizational procedures.

Secure software development lifecycle

Through automated scanning, continuous patch deployment, and blackbox penetration testing we constantly monitor for—and mitigate—any vulnerabilities.

Vulnerability management

We employ SAST, DAST, and SCA testing tools alongside cloud-infrastructure vulnerability scanners to ensure the security and integrity of the platform.

Security testing

Your data is in good hands

Through a thoughtful system of engineering and organization safeguards, your data, and your customer’s data, is locked down and safe from prying eyes.

Secure information practices

Duda implements a comprehensive and continuously improving information security policy in accordance with ISO 27001:2022 to maintain the highest level data security.



Robust user permissions

Account owners can tailor the level of access each client and teammate has down to the individual feature, so edit access is only available to those who need it.


Password safety built-in

Enforce an added level of security and mitigate phishing and other password-related risks with multi-factor authentication (MFA) and single sign-on (SSO).

Privacy and consent management

All Duda sites come with Privacy and Privacy Settings pages available right out of the box, alongside support for Cookie Notifications and tracking toggles.



GDPR ready

With support for Europe-only hosting in Frankfurt and advanced cookie compliance integrations, Duda lets you build sites that stand up to the strictest privacy regulations.


Delete and destroy

Customer Data is only retained so long as Duda and the partner or customer have an active agreement—after that it’s destroyed.

FAQs

  • How often does Duda go down?

    The Duda professional website builder is highly stable with a 99.5% uptime guarantee. Uptime status is monitored and reported live.

  • Do I need to buy an SSL certificate?

    No. Duda provides, and automatically renews, SSL certificates for every site published at no additional cost.

  • Do I need to get DDoS protection?

    No. Duda provides robust DDoS protection for every site published, and the editor itself, at no additional cost.

  • What data encryption methods does Duda use?

    Duda uses HTTPs and TLS 1.2/1.3 to encrypt data in transit, while data at rest is protected by AES-256 encryption.

Does your organization need additional, or more specific, information regarding Duda’s security practices? Let us know what you need. Technical security information may be available upon request.

Dive into the details