Trust Center

Mylemans Online is a single-person IT consultancy focused on secure, reliable, and privacy-conscious delivery of infrastructure, cloud, and advisory services.

This website and its activities are part of my independent personal brand and are not affiliated with or representing my employer.

Projects operated under separate domains and infrastructure (such as pangolin.safetunnel.app) are independent offerings for homelab and creator audiences, and are not positioned as enterprise managed-service replacements.

I don’t claim formal certification (ISO 27001 / NIS2), but I do implement practical, industry-recognized security best practices aligned with CIS Controls and ISO guidance.

Security Overview

Identity & Access

  • Password manager for all credentials
  • Multi-factor authentication (MFA) enabled on all critical services
  • Least-privilege access where possible (scoped permissions, separate admin access)

Device Security

  • Full-disk encryption enabled on work devices
  • Automatic operating system and browser security updates enabled
  • Endpoint protection enabled (Microsoft Defender or equivalent)
  • Screen lock and secure device configuration baseline

Infrastructure & Network

  • Minimal internet exposure: admin interfaces restricted (VPN / IP allowlist where feasible)
  • Firewalling and hardened configurations
  • HTTPS/TLS for public services

Backups & Recovery

  • Backups follow the 3-2-1 principle (local, offsite, versioned/offline)
  • Restore tests performed periodically
  • Priority-based recovery approach for critical services

Monitoring & Logging

  • Logs retained for relevant services (firewall/VPS/cloud admin activity where applicable)
  • Basic alerting/awareness for suspicious access patterns when supported by the platform

Privacy & GDPR

Data Minimization

I only access and store data that is necessary to deliver the agreed services.

Separation of Client Data

Client data is organized per customer/project to reduce accidental exposure and simplify cleanup.

Retention

Data is retained only as long as operationally required and is deleted when no longer needed, subject to legal obligations.

Data Processing Agreement (DPA)

A Data Processing Agreement can be provided on request when Mylemans Online processes personal data on behalf of a client.

Incident Handling

If a security incident is suspected:

  1. Containment and investigation
  2. Credential/session resets if needed
  3. Recovery actions (including restores when required)
  4. Client notification when relevant
  5. Documentation and preventive improvements

Working With Clients

Access to Your Environment

  • Access is requested and used only for the purpose of delivering the service
  • Privileged access is kept to the minimum required
  • Credentials are handled securely (password manager / secure sharing)

Subprocessors

I may rely on standard third-party providers required to deliver services (e.g., hosting, DNS, backups). Providers are selected with reasonable security and GDPR considerations.

Responsible Disclosure

If you believe you found a security issue related to my services, please contact me with:

  • Description of the issue
  • Steps to reproduce (if applicable)
  • Potential impact

I will confirm receipt and work toward a fix as quickly as reasonably possible.

Contact

For questions or support:

Mylemans Online
Email: [email protected]