Security Policy
Last Updated: May 26, 2024
Clost Renvak ("we," "us," or "our") is committed to protecting the security of our platform, systems, and the data entrusted to us by our users. This Security Policy describes the measures we take to safeguard information and outlines the responsibilities of users in maintaining a secure environment.
1. Scope
This policy applies to all systems, services, and infrastructure operated by Clost Renvak under the domain clostrenvak.com, including web applications, APIs, databases, and any third-party integrations used to deliver our services.
2. Data Protection and Storage
2.1 Encryption
All data transmitted between users and our platform is encrypted using industry-standard Transport Layer Security (TLS). Sensitive data stored in our databases is encrypted at rest using strong encryption algorithms.
2.2 Data Minimization
We collect only the data necessary to provide our services. Unnecessary or outdated data is securely deleted in accordance with our data retention schedules.
2.3 Backups
Critical data is backed up regularly. Backups are encrypted and stored in geographically separated locations to ensure availability in the event of a failure or incident.
3. Access Control
3.1 Principle of Least Privilege
Access to systems and data is granted on a need-to-know basis. Employees and contractors receive only the permissions required to perform their designated duties.
3.2 Authentication
Administrative access to production systems requires multi-factor authentication (MFA). Passwords must meet complexity requirements and are never stored in plaintext.
3.3 Session Management
User sessions are time-limited and invalidated upon logout. Concurrent session controls are enforced where applicable to reduce unauthorized access risk.
4. Infrastructure Security
4.1 Network Security
Our infrastructure is protected by firewalls, intrusion detection systems, and network segmentation. Unnecessary ports and services are disabled. Regular vulnerability scans are conducted across our network perimeter.
4.2 Server Hardening
All servers are configured according to established hardening guidelines. Operating systems and software dependencies are kept up to date with security patches applied promptly upon release.
4.3 Third-Party Services
Third-party vendors and integrations are evaluated for their security practices before adoption. We limit the data shared with third parties to what is strictly necessary for the service to function.
5. Application Security
5.1 Secure Development Practices
Our development process incorporates security reviews at each stage. Code changes are reviewed by peers before being merged and deployed to production environments.
5.2 Vulnerability Management
We conduct periodic security assessments, including automated scanning and manual code reviews, to identify and remediate vulnerabilities in our application layer.
5.3 Dependency Management
Third-party libraries and dependencies are monitored for known security vulnerabilities. Critical patches are applied as soon as they become available.
5.4 Input Validation
All user-supplied input is validated and sanitized on the server side to protect against common attack vectors including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
6. Monitoring and Incident Response
6.1 Logging and Monitoring
System events, access logs, and error reports are collected and monitored continuously. Anomalous activity triggers alerts for investigation by our security team.
6.2 Incident Response
We maintain an incident response plan that defines procedures for identifying, containing, and resolving security incidents. Upon confirmation of a breach affecting user data, affected users and relevant parties will be notified without undue delay in accordance with applicable obligations.
6.3 Post-Incident Review
Following any significant security incident, we conduct a thorough post-mortem analysis to identify root causes and implement preventive measures to avoid recurrence.
7. Physical Security
Our services are hosted in data centers that maintain physical access controls, including restricted entry, surveillance systems, and environmental protections against fire, flood, and power disruption. Physical access to server hardware is limited to authorized personnel only.
8. User Responsibilities
Security is a shared responsibility. Users of the Clost Renvak platform are expected to:
- Keep their login credentials confidential and not share them with others
- Use strong, unique passwords for their accounts
- Enable multi-factor authentication where the option is available
- Log out of their account when using shared or public devices
- Report any suspicious activity or unauthorized access immediately
- Refrain from attempting to probe, test, or exploit platform vulnerabilities without explicit written authorization
9. Responsible Disclosure
If you discover a potential security vulnerability in our platform, we encourage responsible disclosure. Please report your findings to us at contact@clostrenvak.com before making any public disclosure. We commit to acknowledging your report promptly, investigating the issue in good faith, and working toward a resolution. We will not pursue legal action against researchers who act in accordance with this responsible disclosure guideline.
Please include in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any supporting evidence such as screenshots or proof-of-concept code
10. Security Awareness
Our team members receive regular security awareness training covering topics such as phishing recognition, safe data handling, password hygiene, and incident reporting procedures. Security guidelines are reviewed and updated on a routine basis.
11. Compliance and Audits
We periodically engage independent parties to conduct security audits and penetration tests of our platform. Findings are prioritized and remediated based on severity. We maintain internal documentation supporting our compliance with applicable data protection and security standards.
12. Policy Updates
This Security Policy may be updated from time to time to reflect changes in our practices, technology, or legal obligations. The date at the top of this page indicates when the policy was last revised. Continued use of our platform after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.
13. Contact
If you have questions, concerns, or requests related to this Security Policy, please contact us:
| Channel | Details |
|---|---|
| contact@clostrenvak.com | |
| Phone | +380 50 465 08 82 |
| Chat on WhatsApp | |
| Address | Dmytrivska St, 76, Kyiv, Ukraine, 01135 |