Security Policy
Last Updated: January 26, 2025
At Doroxenth, we are committed to protecting the security and integrity of our platform and the data entrusted to us by our users. This Security Policy outlines our approach to safeguarding information, maintaining system security, and responding to potential security incidents.
1. Information Security Framework
1.1 Security Standards
We implement industry-standard security practices and controls to protect our systems and user data. Our security framework is continuously evaluated and updated to address emerging threats and vulnerabilities.
1.2 Security Objectives
- Maintain confidentiality, integrity, and availability of data
- Protect against unauthorized access, disclosure, or modification
- Ensure business continuity and disaster recovery capabilities
- Comply with applicable security regulations and standards
2. Data Protection Measures
2.1 Encryption
We employ encryption technologies to protect data both in transit and at rest:
- In Transit: All data transmitted between users and our servers is encrypted using TLS protocols
- At Rest: Sensitive data stored on our systems is encrypted using industry-standard encryption algorithms
- Password Security: User passwords are hashed using strong cryptographic functions and never stored in plain text
2.2 Data Storage Security
Our data storage infrastructure implements multiple layers of security including:
- Secure data centers with physical access controls
- Network segmentation and firewall protection
- Regular security assessments and penetration testing
- Automated backup systems with encrypted storage
3. Access Control
3.1 Authentication
We implement secure authentication mechanisms including:
- Strong password requirements with complexity enforcement
- Multi-factor authentication options for enhanced account security
- Session management with automatic timeout features
- Account lockout policies after multiple failed login attempts
3.2 Authorization
Access to systems and data is controlled through:
- Role-based access control limiting permissions to necessary functions
- Principle of least privilege for all user accounts and system processes
- Regular review and audit of access permissions
- Immediate revocation of access upon termination of user accounts
3.3 Administrative Access
Access to administrative functions and sensitive systems is restricted to authorized personnel only and subject to:
- Enhanced authentication requirements
- Comprehensive logging and monitoring
- Periodic access reviews and recertification
- Segregation of duties where appropriate
4. Network Security
4.1 Infrastructure Protection
Our network infrastructure is protected through:
- Firewalls and intrusion detection systems
- Network monitoring and anomaly detection
- Regular security patches and updates
- Secure configuration of network devices and services
4.2 DDoS Protection
We implement distributed denial-of-service (DDoS) protection measures, including traffic filtering, rate limiting, and redundant infrastructure, to maintain service availability.
5. Application Security
5.1 Secure Development
Our development practices incorporate security throughout the software lifecycle:
- Secure coding standards and guidelines
- Code review and static analysis
- Security testing including vulnerability scanning
- Regular security training for development teams
5.2 Input Validation
All user inputs are validated and sanitized to prevent common vulnerabilities including injection attacks, cross-site scripting, and other malicious exploits.
5.3 Third-Party Components
We regularly assess and update third-party libraries and components to address known vulnerabilities and maintain security compliance.
6. Monitoring and Incident Response
6.1 Security Monitoring
We continuously monitor our systems for security threats and suspicious activities through:
- Automated security information and event management
- Log aggregation and analysis
- Real-time alerting for critical security events
- Regular security audits and assessments
6.2 Incident Response Plan
We maintain a comprehensive incident response plan that includes:
- Procedures for detecting and responding to security incidents
- Designated incident response team with defined roles
- Communication protocols for affected parties
- Post-incident analysis and remediation processes
6.3 Incident Notification
In the event of a security incident that may affect user data or account security, we will notify affected users in accordance with applicable laws and regulations. Notifications will include information about the nature of the incident, potential impact, and recommended actions.
7. Business Continuity
7.1 Backup and Recovery
We maintain regular backup procedures to ensure data availability and business continuity:
- Automated daily backups of critical data
- Geographically distributed backup storage
- Regular testing of backup restoration procedures
- Documented recovery time and recovery point objectives
7.2 Disaster Recovery
Our disaster recovery plan addresses potential disruptions to our services and includes procedures for restoring operations in a timely manner.
8. Employee Security
8.1 Security Awareness
All employees and contractors receive security awareness training covering:
- Data handling and protection requirements
- Identification and reporting of security threats
- Acceptable use of company systems and resources
- Confidentiality and non-disclosure obligations
8.2 Background Checks
We conduct appropriate background checks on employees and contractors with access to sensitive systems or data, in accordance with applicable laws.
9. Vendor and Third-Party Security
9.1 Vendor Assessment
We evaluate the security practices of third-party vendors and service providers who process or have access to user data. Vendors are required to maintain appropriate security measures consistent with this policy.
9.2 Contractual Requirements
Agreements with third-party vendors include security and confidentiality provisions, and vendors are required to notify us of any security incidents affecting our data.
10. Compliance and Auditing
10.1 Security Audits
We conduct regular internal security audits and may engage independent third parties to perform security assessments and penetration testing.
10.2 Compliance Monitoring
We monitor compliance with security policies and procedures through automated tools and manual reviews.
11. User Responsibilities
11.1 Account Security
Users are responsible for maintaining the security of their accounts by:
- Choosing strong, unique passwords
- Keeping login credentials confidential
- Enabling multi-factor authentication when available
- Promptly reporting suspected unauthorized access
- Logging out of shared or public devices
11.2 Reporting Security Issues
Users should report any security vulnerabilities, suspicious activities, or potential security incidents to our security team.
12. Vulnerability Disclosure
12.1 Responsible Disclosure
We welcome reports of security vulnerabilities from security researchers and users. If you discover a security issue, please report it to us through our designated security contact.
12.2 Disclosure Guidelines
When reporting security vulnerabilities:
- Provide detailed information to help us reproduce and address the issue
- Allow reasonable time for us to investigate and remediate before public disclosure
- Avoid exploiting the vulnerability or accessing user data beyond what is necessary to demonstrate the issue
- Do not perform testing that could harm our systems or disrupt our services
13. Updates to Security Practices
We continuously review and update our security practices to address new threats, technologies, and regulatory requirements. Significant changes to our security measures will be reflected in updates to this policy.
14. Contact Information
For security-related inquiries, to report security incidents, or to disclose vulnerabilities, please contact us at:
Email: contact@doroxenth.com
Address: Vörösmarty u. 4, 7621 Pécs, Hungary
Phone: +36 22 379 604
When contacting us about security matters, please include detailed information to help us understand and address your concern promptly.
15. Limitation of Liability
While we implement comprehensive security measures, no system can be completely secure. We cannot guarantee absolute security and are not liable for unauthorized access resulting from circumstances beyond our reasonable control. Users should maintain their own security practices and backups of important data.
Effective Date: This Security Policy is effective as of the last updated date specified above and applies to all users of the Doroxenth platform.
