Security Policy

How Re-Deem Protects Your Data

Last Updated: January 2026

Security Verified

Re-Deem undergoes regular security audits and is designed to meet EU and Irish regulatory obligations for all EU DRS models.

1. Our Security Commitment

At Re-Deem, security is not an afterthought—it's fundamental to everything we build. As a platform handling charitable donations through the Irish Deposit Return Scheme (DRS), we understand the trust you place in us with your personal and financial information.

Our Security Promise:

  • Your data is encrypted both in transit and at rest
  • We never store payment card details on our servers
  • Regular security audits and penetration testing
  • Compliance with Irish and EU data protection regulations

2. Data Encryption

2.1 Encryption In Transit

All data transmitted between your device and Re-Deem servers is protected using industry-standard encryption:

  • TLS 1.3 - The latest Transport Layer Security protocol
  • HTTPS Only - All connections are encrypted; HTTP is rejected
  • HSTS Enabled - Browsers are instructed to always use secure connections

2.2 Encryption At Rest

Sensitive data stored in our databases is encrypted using strong cryptographic standards:

Data Type                   Encryption Method
Passwords                   bcrypt with 12 rounds (one-way hash)
Bank Details (IBAN/SWIFT)   AES-128-CBC (Fernet)
OAuth Tokens                AES-128-CBC (Fernet)
Session Tokens              Cryptographically secure random generation

3. Authentication & Access Control

3.1 User Authentication

  • Email Verification - All accounts must verify email ownership
  • Google OAuth 2.0 - Secure social login with PKCE protection
  • Password Requirements - Minimum 8 characters with complexity rules
  • Session Management - Secure tokens with automatic expiration

3.2 Brute Force Protection

Re-Deem implements account lockout protection after 5 failed login attempts. Locked accounts are automatically unlocked after 15 minutes. This prevents automated password guessing attacks while minimising inconvenience to legitimate users.
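The lockout rule described above (5 failed attempts, automatic unlock after 15 minutes), as an added example that is not Re-Deem's own code; the in-memory store, the injected clock and the function names are assumptions:

```python
"""Account lockout: lock after 5 consecutive failures, auto-unlock after 15 minutes.

Added illustration of the policy above, not Re-Deem's own code. The in-memory
store, the 'now' timestamp argument and the function names are assumptions.
"""
from dataclasses import dataclass, field

MAX_FAILED_ATTEMPTS = 5        # lock on the 5th consecutive failure
LOCKOUT_SECONDS = 15 * 60      # 15 minutes, then the account unlocks itself


@dataclass
class LoginState:
    failed_attempts: int = 0
    locked_until: float = 0.0  # UNIX timestamp; 0.0 means not locked


@dataclass
class LockoutPolicy:
    # One LoginState per account identifier (constructed in-memory store).
    accounts: dict = field(default_factory=dict)

    def _state(self, account: str) -> LoginState:
        return self.accounts.setdefault(account, LoginState())

    def is_locked(self, account: str, now: float) -> bool:
        st = self._state(account)
        if st.locked_until and now >= st.locked_until:
            # Lockout window has elapsed: clear it and reset the counter.
            st.locked_until = 0.0
            st.failed_attempts = 0
        return st.locked_until > now

    def record_attempt(self, account: str, password_ok: bool, now: float) -> str:
        """Return 'locked', 'ok' or 'failed'.

        A locked account never has its password evaluated, so a correct
        guess during the lockout window is rejected like any other.
        """
        if self.is_locked(account, now):
            return "locked"
        st = self._state(account)
        if password_ok:
            st.failed_attempts = 0  # success resets the counter
            return "ok"
        st.failed_attempts += 1
        if st.failed_attempts >= MAX_FAILED_ATTEMPTS:
            st.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "failed"
```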

3.3 Rate Limiting

API endpoints are protected with rate limiting to prevent abuse:

  • Registration: 5 requests per minute
  • Login: 10 requests per minute
  • Donations: 10 requests per minute
  • Voucher Scanning: 20 requests per minute

4. Payment Security

Re-Deem uses Stripe as our payment processor. Stripe is a PCI-DSS Level 1 certified service provider—the highest level of certification in the payments industry.

PCI-DSS Compliant

We never store, process, or transmit credit card numbers on our servers. All payment data goes directly to Stripe's secure infrastructure.

Payment Security Features:

  • Tokenisation - Card details are replaced with secure tokens
  • 3D Secure - Additional authentication for card payments
  • Fraud Detection - Stripe Radar monitors for suspicious activity
  • Idempotency Keys - Prevent duplicate transactions

5. Infrastructure Security

5.1 Cloud Infrastructure

Re-Deem is hosted on enterprise-grade cloud infrastructure with multiple layers of security:

  • Kubernetes - Container orchestration with network policies
  • Web Application Firewall (WAF) - Protection against common attacks
  • DDoS Protection - Automatic mitigation of denial-of-service attacks
  • EU Data Residency - Data stored within the European Union

5.2 Database Security

  • MongoDB Atlas - Managed database with encryption at rest
  • Network Isolation - Database not publicly accessible
  • Automated Backups - Regular backups with point-in-time recovery
  • Access Logging - All database access is logged and monitored

6. Web Security Headers

Re-Deem implements comprehensive security headers to protect against common web vulnerabilities:

X-Content-Type-Options: nosniff

Prevents MIME type sniffing attacks

X-Frame-Options: DENY

Prevents clickjacking attacks

X-XSS-Protection: 1; mode=block

Enables browser XSS filtering

Strict-Transport-Security: max-age=31536000

Enforces HTTPS connections

Content-Security-Policy: default-src 'self'

Restricts resource loading to prevent XSS

7. Audit Logging & Monitoring

Re-Deem maintains comprehensive audit logs for security monitoring and compliance:

Events We Log:

  • User authentication (login, logout, failed attempts)
  • Account creation and modifications
  • Donation transactions
  • Voucher scanning and redemption
  • Organisation registrations
  • Administrative actions
  • Security events (lockouts, suspicious activity)

Log Information Captured:

  • Timestamp (UTC)
  • User identifier (hashed for privacy)
  • IP address
  • User agent
  • Action performed
  • Request ID for traceability

8. DRS Integration Security

Re-Deem is designed to integrate securely with Deposit Return Schemes (DRS) across the European Union, including the Irish DRS operated by Re-Turn. Our platform is built to be compliant with EU and Irish regulatory obligations for all EU DRS models, following industry best practices:

OAuth 2.0 with PKCE

We use OAuth 2.0 Authorization Code flow with Proof Key for Code Exchange (PKCE) for secure DRS authentication. This prevents authorization code interception attacks and ensures secure token exchange across all supported DRS platforms.

EU & Irish DRS Compliance:

  • EU Single-Use Plastics Directive (EU) 2019/904 - Article 9: Separate collection requirements for beverage containers
  • EU Packaging & Packaging Waste Directive 94/62/EC - Article 7: Return, collection and recovery systems
  • EU Packaging & Packaging Waste Regulation (PPWR) 2024 - Article 50: Deposit return scheme requirements
  • Irish Circular Economy Act 2022 - Part 4: Deposit Return Scheme provisions
  • Irish Circular Economy Regulations S.I. No. 599/2021 - DRS implementation framework
  • GDPR (EU) 2016/679 - Articles 5, 6, 25, 32: Data protection by design and security of processing
  • Cross-Border Ready - Architecture supports multiple EU DRS operators

DRS Security Measures:

  • State Parameter - CSRF protection on OAuth flows
  • Token Encryption - DRS tokens encrypted at rest
  • Automatic Token Refresh - Secure token lifecycle management
  • Scope Limitation - Only request necessary permissions
  • Transaction Logging - All DRS transactions are audited
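The PKCE authorization-code exchange and the state check described in this section, as an added example that is not Re-Deem's or any DRS operator's code; both sides are simulated in one process, and the function names and the session dict are assumptions:

```python
"""OAuth 2.0 authorization-code flow with PKCE (S256) and a state parameter.

Added illustration of the mechanisms described above, not Re-Deem's or any
DRS operator's code. Both sides of the exchange run in-process; the function
names and the 'session' dict are assumptions.
"""
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    # S256 method: challenge = BASE64URL(SHA256(ASCII(verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def client_start() -> dict:
    """Client side: build the authorization request, keep the secrets in the session."""
    verifier = b64url(secrets.token_bytes(32))  # 43-char high-entropy verifier
    state = b64url(secrets.token_bytes(16))     # binds the callback to this session (CSRF)
    session = {"verifier": verifier, "state": state}
    request = {"code_challenge": pkce_challenge(verifier),
               "code_challenge_method": "S256", "state": state}
    return {"session": session, "auth_request": request}


def server_token_exchange(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization server side: redeem the code only if the verifier matches the challenge."""
    return hmac.compare_digest(pkce_challenge(presented_verifier), stored_challenge)


def client_callback(session: dict, returned_state: str, stored_challenge: str) -> bool:
    """Client side: drop a callback whose state does not match, else redeem with the verifier."""
    if not hmac.compare_digest(session["state"], returned_state):
        return False  # stale or forged callback
    return server_token_exchange(stored_challenge, session["verifier"])
```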

9. Incident Response

Re-Deem has established procedures for responding to security incidents:

Our Incident Response Process:

1. Detection & Analysis

Automated monitoring and manual review to identify and assess incidents

2. Containment

Immediate action to limit the impact and prevent further damage

3. Eradication & Recovery

Remove the threat and restore systems to normal operation

4. Notification

Inform affected parties and regulators as required by GDPR (within 72 hours)

5. Post-Incident Review

Analyse the incident and implement improvements

10. Shared Responsibility

Security is a shared responsibility. While Re-Deem implements robust security measures, users also play an important role in keeping their accounts secure.

What We Do:

  • Encrypt your data in transit and at rest
  • Monitor for suspicious activity
  • Keep our systems updated and patched
  • Conduct regular security assessments

What You Can Do:

  • Use a strong, unique password for your Re-Deem account
  • Don't share your login credentials with others
  • Log out from shared or public devices
  • Keep your devices and browsers updated
  • Report suspicious emails or activity to us immediately

11. Security Reporting

If you discover a security vulnerability in Re-Deem, we encourage responsible disclosure. Please report security issues to us so we can address them promptly.

Report Security Issues:

Email: security@re-deem.ie

Please include as much detail as possible about the vulnerability, including steps to reproduce and potential impact.

What Happens Next:

  1. We will acknowledge your report within 48 hours
  2. Our security team will investigate and validate the issue
  3. We will work to fix the vulnerability promptly
  4. We will notify you when the issue is resolved

12. Policy Updates

This Security Policy may be updated periodically to reflect changes in our security practices, technologies, or regulatory requirements.

We will notify users of significant changes to this policy via email or through a prominent notice on our platform. We encourage you to review this policy regularly to stay informed about how we protect your information.

Questions About Security?

Our security team is here to help with any questions or concerns about how we protect your data.

security@re-deem.ie