Security Policy
Last Updated: February 7, 2025
At Serikdun, we are committed to protecting the security and integrity of your personal information and our platform. This Security Policy outlines the measures we implement to safeguard your data and maintain a secure environment for all users.
1. Information Security Framework
We have established a comprehensive information security framework designed to protect all data processed through our webinar platform. Our security practices are regularly reviewed and updated to address emerging threats and vulnerabilities.
1.1 Security Governance
Our organization maintains dedicated security personnel responsible for monitoring, implementing, and enforcing security policies across all systems and processes. Security considerations are integrated into every stage of our development and operational lifecycle.
1.2 Risk Assessment
We conduct regular risk assessments to identify potential vulnerabilities and threats to our systems and your data. These assessments inform our security strategy and prioritization of protective measures.
2. Data Protection Measures
2.1 Encryption
All data transmitted between your device and our servers is encrypted using industry-standard protocols. Sensitive information stored in our databases is encrypted at rest using advanced encryption algorithms.
2.2 Access Controls
We implement strict access controls to ensure that only authorized personnel can access sensitive data. Access is granted based on the principle of least privilege, with employees receiving only the minimum access necessary to perform their duties.
2.3 Authentication
User accounts are protected through secure authentication mechanisms. We encourage users to create strong passwords and offer multi-factor authentication options for enhanced account security.
2.4 Data Segregation
Customer data is logically segregated within our systems to prevent unauthorized cross-access between different user accounts and organizations.
3. Infrastructure Security
3.1 Network Security
Our network infrastructure is protected by firewalls, intrusion detection systems, and intrusion prevention systems that monitor and filter network traffic to prevent unauthorized access and malicious activities.
3.2 Server Security
All servers are hardened according to security best practices, with unnecessary services disabled and security patches applied promptly. Server access is logged and monitored continuously.
3.3 Physical Security
Our data centers employ physical security measures including controlled access, surveillance systems, and environmental controls to protect hardware infrastructure.
3.4 Backup and Recovery
Regular automated backups are performed to ensure data availability and facilitate recovery in case of system failures or data loss incidents. Backup data is encrypted and stored securely in geographically distributed locations.
4. Application Security
4.1 Secure Development
We follow secure coding practices and conduct code reviews to identify and remediate security vulnerabilities during the development process. Our development team receives regular training on security best practices.
4.2 Vulnerability Management
We perform regular vulnerability scans and penetration testing to identify potential security weaknesses. Identified vulnerabilities are prioritized and remediated according to their severity.
4.3 Dependency Management
Third-party libraries and dependencies are regularly reviewed and updated to address known security vulnerabilities. We monitor security advisories and apply necessary patches promptly.
4.4 Input Validation
All user inputs are validated and sanitized to prevent injection attacks and other input-based vulnerabilities.
5. Monitoring and Incident Response
5.1 Security Monitoring
We maintain continuous monitoring of our systems and networks to detect suspicious activities and potential security incidents. Automated alerts notify our security team of anomalous behavior.
5.2 Incident Response Plan
We have established an incident response plan that defines procedures for detecting, responding to, and recovering from security incidents. Our response team is trained to handle various types of security events.
5.3 Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users promptly in accordance with applicable legal requirements. Notifications will include information about the nature of the breach, potentially affected data, and steps being taken to address the incident.
5.4 Logging and Auditing
System activities, access attempts, and security-relevant events are logged and retained for audit purposes. Logs are protected against tampering and regularly reviewed for security analysis.
6. Third-Party Security
6.1 Vendor Assessment
We carefully evaluate the security practices of third-party service providers before engaging their services. Vendors with access to sensitive data must meet our security standards and requirements.
6.2 Contractual Obligations
Third-party vendors are bound by contractual obligations to maintain appropriate security measures and protect any data they process on our behalf.
6.3 Integration Security
Integrations with third-party services are implemented securely, with proper authentication, authorization, and data protection mechanisms in place.
7. Employee Security
7.1 Background Checks
Where permitted by law, we conduct background checks on employees with access to sensitive systems and data.
7.2 Security Training
All employees receive regular security awareness training covering topics such as phishing prevention, password security, data handling practices, and incident reporting procedures.
7.3 Confidentiality Agreements
Employees with access to sensitive information sign confidentiality agreements obligating them to protect customer data and proprietary information.
7.4 Access Termination
When employees leave the organization or change roles, their access rights are promptly revoked or modified to reflect their current responsibilities.
8. Compliance and Certifications
We strive to maintain compliance with relevant industry standards and regulations. Our security practices are designed to align with recognized frameworks and best practices in information security.
We undergo regular security assessments and audits to verify the effectiveness of our security controls and identify areas for improvement.
9. User Responsibilities
While we implement robust security measures, account security is a shared responsibility. Users are encouraged to:
Create strong passwords: Use unique, complex passwords for your account and avoid reusing passwords across multiple services.
Enable multi-factor authentication: Add an extra layer of security to your account when available.
Keep credentials confidential: Never share your login credentials with others.
Monitor account activity: Regularly review your account activity and report any suspicious behavior immediately.
Use secure connections: Access our platform through secure, trusted networks and avoid using public Wi-Fi for sensitive activities.
Keep software updated: Ensure your devices and browsers are running current versions with the latest security patches.
Report security concerns: Notify us immediately if you suspect a security vulnerability or incident.
10. Payment Security
Financial transactions processed through our platform are handled using secure payment processors that comply with payment card industry standards. We do not store complete payment card information on our servers.
Payment information is transmitted using encrypted connections and processed by certified payment service providers who maintain their own security certifications and compliance standards.
11. Privacy and Security
Our security measures are designed to support our privacy commitments. For detailed information about how we collect, use, and protect your personal information, please refer to our Privacy Policy.
Security and privacy considerations are integrated throughout our data lifecycle, from collection through deletion.
12. Security Updates
We continuously work to enhance our security posture and may update our security measures and this Security Policy periodically. Significant changes to our security practices will be communicated to users through our platform or via email.
We recommend reviewing this Security Policy regularly to stay informed about how we protect your information.
13. Responsible Disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please report it to us confidentially rather than publicly disclosing it.
Security researchers and ethical hackers who identify vulnerabilities should contact us at support@serikdun.com with details of the issue. We commit to:
Acknowledging receipt of your report promptly
Investigating the reported vulnerability
Keeping you informed of our progress toward resolution
Recognizing your contribution upon resolution if desired
Please do not access, modify, or delete data belonging to other users, and avoid disrupting our services while testing for vulnerabilities.
14. Limitations
While we implement comprehensive security measures, no system can be completely immune to security threats. We cannot guarantee absolute security but commit to maintaining reasonable and appropriate safeguards to protect your information.
Users acknowledge that internet-based services carry inherent security risks and agree to use our platform at their own risk within reasonable expectations of security.
15. Contact Information
For questions, concerns, or reports regarding security matters, please contact us:
Email: support@serikdun.com
Phone: +380677390729
Address: Zarichanska St, 3/1, Khmelnytskyi, Khmelnytskyi Oblast, Ukraine, 29000
For urgent security matters, please clearly indicate the nature of your inquiry in the subject line to ensure prompt attention from our security team.
16. Effective Date and Revisions
This Security Policy is effective as of the last updated date specified at the beginning of this document. We reserve the right to modify this policy as necessary to reflect changes in our security practices, technology, or legal requirements.
Continued use of our platform following any changes constitutes acceptance of the updated Security Policy.