This Security Policy summarises technical and organisational measures used to protect the Ludo Leisure Suite, customer data, and visitor information.
1. Governance
Security responsibilities are assigned to engineering, operations, and leadership roles. We review access, incidents, infrastructure changes, and customer security requirements as part of normal service delivery.
2. Access control
Administrative access is limited to authorised personnel with a business need. We use role-based access controls, multi-factor authentication where supported, least-privilege principles, and access review for sensitive systems.
3. Encryption
Ludo uses TLS for data in transit and encryption for sensitive data stores where supported by the underlying platform. Full card numbers are handled by payment partners and are not stored by Ludo.
4. Logging and monitoring
We use logs, alerts, and operational monitoring to detect service issues, suspicious activity, and security events. Log retention depends on the system and the purpose of the record.
5. Development practices
We use code review, dependency management, environment separation, secret scanning, privacy audits, and production change controls appropriate to the risk of the change.
6. Incident response
If we identify a security incident, we assess scope, contain the issue, preserve relevant records, notify affected customers or regulators where required, and review corrective actions.
7. Customer responsibilities
Customers are responsible for their own user access, staff training, device handling, venue networks, event content, and any third-party systems they connect to Ludo unless a signed agreement says otherwise.
8. Reporting security issues
Security concerns may be reported to gday@ludo.computer.