
Onboard
Compliant onboarding journeys optimised for conversion – all no code. Purpose-built for regulated enterprise companies.
Trust
Engineered for integrity
Your trust is our foundation. Choosing a partner for onboarding and identity verification is a business-critical decision: we therefore uphold high standards of security.
Trust
Engineered for integrity
Your trust is our foundation. Choosing a partner for onboarding and identity verification is a business-critical decision: we therefore uphold high standards of security.
Trust
Engineered for integrity
Your trust is our foundation. Choosing a partner for onboarding and identity verification is a business-critical decision: we therefore uphold high standards of security.
Secure infrastructure
Our platform runs on AWS infrastructure, with robust physical and logical safeguards. These facilities are monitored 24/7, with multi‑factor access controls and surveillance, ensuring only authorized personnel can reach our systems.
On the network side, production and non‑production environments are isolated, using virtual private networks and segmented subnets, and applying strict firewall rules. This layered approach prevents unauthorized lateral movement and tightly controls traffic flow. Combined with real‑time monitoring and automated alerting, our infrastructure is designed to stay resilient against failures and intrusions.

Secure infrastructure
Our platform runs on AWS infrastructure, with robust physical and logical safeguards. These facilities are monitored 24/7, with multi‑factor access controls and surveillance, ensuring only authorized personnel can reach our systems.
On the network side, production and non‑production environments are isolated, using virtual private networks and segmented subnets, and applying strict firewall rules. This layered approach prevents unauthorized lateral movement and tightly controls traffic flow. Combined with real‑time monitoring and automated alerting, our infrastructure is designed to stay resilient against failures and intrusions.

Secure infrastructure
Our platform runs on AWS infrastructure, with robust physical and logical safeguards. These facilities are monitored 24/7, with multi‑factor access controls and surveillance, ensuring only authorized personnel can reach our systems.
On the network side, production and non‑production environments are isolated, using virtual private networks and segmented subnets, and applying strict firewall rules. This layered approach prevents unauthorized lateral movement and tightly controls traffic flow. Combined with real‑time monitoring and automated alerting, our infrastructure is designed to stay resilient against failures and intrusions.

Access controls
Tight access controls are fundamental to our security model. Internally, least‑privilege principles are enforced: employees receive only the minimum access necessary for their roles, and every access request ied single‑sign‑on (SSO) solution for all internal systems. All team members sign confides reviewed, approved, and logged. Multi‑factor authentication is required via a confidentiality agreements, and undergo security training.
On the customer side, the platform offers role‑based access control (RBAC) so customers can map their own organizational roles to specific permissions. Whether you’re granting read‑only access to auditors or full admin rights to your risk and compliance teams, Duna lets you tailor user privileges down to detail.

Access controls
Tight access controls are fundamental to our security model. Internally, least‑privilege principles are enforced: employees receive only the minimum access necessary for their roles, and every access request ied single‑sign‑on (SSO) solution for all internal systems. All team members sign confides reviewed, approved, and logged. Multi‑factor authentication is required via a confidentiality agreements, and undergo security training.
On the customer side, the platform offers role‑based access control (RBAC) so customers can map their own organizational roles to specific permissions. Whether you’re granting read‑only access to auditors or full admin rights to your risk and compliance teams, Duna lets you tailor user privileges down to detail.

Access controls
Tight access controls are fundamental to our security model. Internally, least‑privilege principles are enforced: employees receive only the minimum access necessary for their roles, and every access request ied single‑sign‑on (SSO) solution for all internal systems. All team members sign confides reviewed, approved, and logged. Multi‑factor authentication is required via a confidentiality agreements, and undergo security training.
On the customer side, the platform offers role‑based access control (RBAC) so customers can map their own organizational roles to specific permissions. Whether you’re granting read‑only access to auditors or full admin rights to your risk and compliance teams, Duna lets you tailor user privileges down to detail.

Data encryption
With industry‑standard protocols data in transit is encrypted (TLS or equivalent) and data at rest is encrypted (AES‑256 or similar). Encryption keys are managed with strict controls and rotated regularly to minimize risk.

Data encryption
With industry‑standard protocols data in transit is encrypted (TLS or equivalent) and data at rest is encrypted (AES‑256 or similar). Encryption keys are managed with strict controls and rotated regularly to minimize risk.

Data encryption
With industry‑standard protocols data in transit is encrypted (TLS or equivalent) and data at rest is encrypted (AES‑256 or similar). Encryption keys are managed with strict controls and rotated regularly to minimize risk.

Data privacy
All customer data is stored in the European Union, under the full scope of GDPR. Data minimisation is enforced, clear consent processes are maintained, and tools are provided to meet data‑subject rights such as access, correction, and deletion requests. By combining strong encryption with local processing, customer data remains confidential and compliant.

Data privacy
All customer data is stored in the European Union, under the full scope of GDPR. Data minimisation is enforced, clear consent processes are maintained, and tools are provided to meet data‑subject rights such as access, correction, and deletion requests. By combining strong encryption with local processing, customer data remains confidential and compliant.

Data privacy
All customer data is stored in the European Union, under the full scope of GDPR. Data minimisation is enforced, clear consent processes are maintained, and tools are provided to meet data‑subject rights such as access, correction, and deletion requests. By combining strong encryption with local processing, customer data remains confidential and compliant.

Secure Development Lifecycle
Secure Development Lifecycle
Security is integral to our development process. In our secure software development lifecycle security reviews, automated testing, and expert audits are embedded at every stage.






Threat modeling
Risks are identified early and clear mitigation strategies are defined.
Peer reviews and scans
Every code change goes through rigorous peer review and static analysis to catch vulnerabilities before they reach production.
Dependency management
Third-party libraries and frameworks are continuously monitored for new vulnerabilities, and patches are applied promptly when necessary.
Penetration testing
Independent experts conduct regular penetration tests, and a public bug‑bounty program is maintained to encourage responsible reporting.






Threat modeling
Risks are identified early and clear mitigation strategies are defined.
Peer reviews and scans
Every code change goes through rigorous peer review and static analysis to catch vulnerabilities before they reach production.
Dependency management
Third-party libraries and frameworks are continuously monitored for new vulnerabilities, and patches are applied promptly when necessary.
Penetration testing
Independent experts conduct regular penetration tests, and a public bug‑bounty program is maintained to encourage responsible reporting.






Threat modeling
Risks are identified early and clear mitigation strategies are defined.
Peer reviews and scans
Every code change goes through rigorous peer review and static analysis to catch vulnerabilities before they reach production.
Dependency management
Third-party libraries and frameworks are continuously monitored for new vulnerabilities, and patches are applied promptly when necessary.
Penetration testing
Independent experts conduct regular penetration tests, and a public bug‑bounty program is maintained to encourage responsible reporting.
Certifications
Duna’s security program aligns with international standards and regulatory requirements.
ISO 27001
A global standard in Information Security Management System with formal risk management and continuous control improvements.
ISO 27001
A global standard in Information Security Management System with formal risk management and continuous control improvements.
ISO 27001
A global standard in Information Security Management System with formal risk management and continuous control improvements.
SOC 2
Duna has completed a Type I examination and are advancing through our Type II audit to demonstrate that our controls operate effectively over time.
SOC 2
Duna has completed a Type I examination and are advancing through our Type II audit to demonstrate that our controls operate effectively over time.
SOC 2
Duna has completed a Type I examination and are advancing through our Type II audit to demonstrate that our controls operate effectively over time.
GDPR & Privacy Laws
All data handling practices are designed to meet or exceed EU data protection regulations, with clear policies for consent, data minimization, and data‑subject rights.
GDPR & Privacy Laws
All data handling practices are designed to meet or exceed EU data protection regulations, with clear policies for consent, data minimization, and data‑subject rights.
GDPR & Privacy Laws
All data handling practices are designed to meet or exceed EU data protection regulations, with clear policies for consent, data minimization, and data‑subject rights.
Business Continuity & Reliability
Business Continuity & Reliability
Your onboarding processes are mission‑critical. Duna’s infrastructure is built to maximize uptime and rapid recovery. With event‑sourced architecture and infrastructure‑as‑code capabilities, environments can be rebuilt or event logs replayed quickly, ensuring business continuity even in the face of major disruptions.






Disaster recovery and backups
Regular, encrypted backups are maintained across multiple EU locations, along with an up‑to‑date disaster recovery plan that’s tested at least annually.
High availability
Critical services are deployed redundantly across separate data centers and network zones to prevent single points of failure.
24/7 monitoring and incident response
Automated monitoring alerts our on‑call teams instantly to any anomalies, enabling immediate investigation and remediation around the clock.






Disaster recovery and backups
Regular, encrypted backups are maintained across multiple EU locations, along with an up‑to‑date disaster recovery plan that’s tested at least annually.
High availability
Critical services are deployed redundantly across separate data centers and network zones to prevent single points of failure.
24/7 monitoring and incident response
Automated monitoring alerts our on‑call teams instantly to any anomalies, enabling immediate investigation and remediation around the clock.






Disaster recovery and backups
Regular, encrypted backups are maintained across multiple EU locations, along with an up‑to‑date disaster recovery plan that’s tested at least annually.
High availability
Critical services are deployed redundantly across separate data centers and network zones to prevent single points of failure.
24/7 monitoring and incident response
Automated monitoring alerts our on‑call teams instantly to any anomalies, enabling immediate investigation and remediation around the clock.

Duna Trust Center
Our Trust Center offers detailed insights into our security practices, including the specific controls and policies implemented by our teams. You can explore our compliance standards, request access to comprehensive security documentation, and gain a clear understanding of how we safeguard your data.

Duna Trust Center
Our Trust Center offers detailed insights into our security practices, including the specific controls and policies implemented by our teams. You can explore our compliance standards, request access to comprehensive security documentation, and gain a clear understanding of how we safeguard your data.

Duna Trust Center
Our Trust Center offers detailed insights into our security practices, including the specific controls and policies implemented by our teams. You can explore our compliance standards, request access to comprehensive security documentation, and gain a clear understanding of how we safeguard your data.
Next up
Next up
Next up
Industries
Customers

Industries
Customers

Industries
Customers
