Security Statement
Last updated: 3rd October 2025
At Code & Wander, we take the security of our clients’ data and digital assets seriously. While we are a creative agency at heart, we operate with the same discipline and care as larger organisations when it comes to protecting information.
Our approach to security
- Secure infrastructure
We use trusted cloud platforms such as Webflow, AWS, and Vercel, which maintain industry-leading security certifications (ISO 27001, SOC 2, GDPR compliance). - Encryption
Data is encrypted in transit (TLS/SSL) and, where applicable, at rest. - Access controls
Only authorised team members and trusted subcontractors have access to client data. Access is granted on a “least privilege” basis and reviewed regularly. - Backups & continuity
We rely on cloud-native backups and version control to minimise disruption and ensure service continuity. - Monitoring & updates
We apply security updates promptly to software and dependencies, and we monitor for vulnerabilities in the tools we use.
Data handling
- We follow a privacy-by-design approach in all our projects.
- We only process personal data as necessary and in line with GDPR/UK GDPR.
- When acting as a processor on behalf of clients, we comply with their Data Processing Agreements.
Third-party services
Where we rely on third-party platforms or providers, we select partners who demonstrate strong security and compliance standards.
Reporting concerns
If you believe you’ve found a security issue with our website or services, please contact us at hello@codeandwander.com. We take all reports seriously and will investigate promptly.
Continuous improvement
Security is an ongoing process. We regularly review and improve our practices to ensure we meet the expectations of our clients, including enterprise organisations.