Security Policy

Last Updated: April 3, 2025

At Praskulo, we are committed to protecting the security and integrity of your personal information and data. This Security Policy outlines the measures we implement to safeguard your information against unauthorized access, disclosure, alteration, and destruction.

---

1. Information Security Framework

We maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of all data processed through our platform. Our security framework is built upon industry-standard practices and is regularly reviewed and updated to address emerging threats.

1.1 Security Governance

Our security governance structure includes:

• Designated security personnel responsible for overseeing security operations
• Regular security assessments and audits
• Continuous monitoring of security threats and vulnerabilities
• Incident response procedures and protocols
• Employee security awareness and training programs

2. Data Protection Measures

2.1 Encryption

We employ encryption technologies to protect data both in transit and at rest:

• Data in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) protocols with strong cipher suites
• Data at Rest: Sensitive data stored on our systems is encrypted using industry-standard encryption algorithms
• Password Protection: User passwords are hashed and salted using cryptographic hash functions

2.2 Access Controls

We implement strict access control measures to ensure that only authorized personnel can access sensitive data:

• Multi-factor authentication for administrative access
• Role-based access controls limiting data access to necessary personnel
• Regular review and revocation of access privileges
• Unique user credentials for all system access
• Automated session timeout mechanisms

2.3 Network Security

Our network infrastructure is protected through multiple layers of security:

• Firewall protection to prevent unauthorized network access
• Intrusion detection and prevention systems
• Network segmentation to isolate critical systems
• Regular security patching and updates
• Vulnerability scanning and penetration testing

3. Application Security

3.1 Secure Development Practices

We follow secure development methodologies throughout our software development lifecycle:

• Security requirements integration during design phase
• Code review processes including security assessments
• Automated security testing and vulnerability scanning
• Input validation and output encoding to prevent common attacks
• Protection against SQL injection, cross-site scripting, and other web vulnerabilities

3.2 Authentication and Session Management

Our platform implements robust authentication and session management controls:

• Secure password requirements and complexity rules
• Account lockout mechanisms after failed login attempts
• Secure session token generation and management
• Session invalidation upon logout
• Protection against brute force and credential stuffing attacks

4. Infrastructure Security

4.1 Hosting and Data Centers

Our services are hosted on secure infrastructure with the following protections:

• Physically secure data centers with controlled access
• Environmental controls including fire suppression and climate control
• Redundant power supplies and network connectivity
• Regular backup procedures and disaster recovery capabilities
• Monitoring and logging of all system activities

4.2 System Monitoring

We maintain continuous monitoring of our systems to detect and respond to security incidents:

• Real-time security event monitoring and alerting
• Log collection and analysis from all critical systems
• Automated anomaly detection
• Regular review of security logs and access records

5. Third-Party Security

5.1 Vendor Management

We carefully evaluate and monitor third-party service providers who have access to our systems or data:

• Security assessments of third-party vendors before engagement
• Contractual requirements for data protection and security standards
• Regular review of vendor security practices
• Limitation of third-party access to minimum necessary

5.2 Payment Processing

Payment information is processed through secure third-party payment processors that comply with industry standards. We do not store complete credit card information on our servers.

6. Incident Response

6.1 Security Incident Management

We have established procedures to respond to security incidents:

• Incident detection and reporting mechanisms
• Designated incident response team
• Incident classification and prioritization procedures
• Containment, eradication, and recovery processes
• Post-incident analysis and improvement measures

6.2 Breach Notification

In the event of a data breach that affects your personal information, we will:

• Investigate the incident promptly and thoroughly
• Take immediate steps to mitigate the impact
• Notify affected users in accordance with applicable laws
• Provide information about the incident and steps you can take to protect yourself
• Cooperate with relevant authorities as required

7. Data Retention and Disposal

We retain data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with legal obligations:

• Regular review of data retention requirements
• Secure deletion procedures for data no longer needed
• Sanitization of storage media before disposal or reuse
• Documentation of data disposal activities

8. Employee Security

8.1 Personnel Security

We implement security measures related to our personnel:

• Background checks for employees with access to sensitive data
• Confidentiality and non-disclosure agreements
• Regular security awareness training
• Clear security policies and procedures
• Prompt revocation of access upon termination of employment

8.2 Training and Awareness

All employees receive regular training on:

• Security best practices and policies
• Data protection requirements
• Incident reporting procedures
• Social engineering and phishing awareness
• Secure handling of sensitive information

9. Physical Security

We maintain physical security controls to protect our facilities and equipment:

• Restricted access to office and server locations
• Visitor logging and escort procedures
• Surveillance systems in critical areas
• Secure disposal of physical documents containing sensitive information
• Clean desk policies for employees handling sensitive data

10. Business Continuity

10.1 Backup and Recovery

We maintain robust backup and disaster recovery capabilities:

• Regular automated backups of critical data
• Geographically distributed backup storage
• Tested recovery procedures
• Business continuity planning and documentation
• Regular disaster recovery drills and testing

10.2 Service Availability

We strive to maintain high availability of our services through:

• Redundant systems and infrastructure
• Load balancing and failover capabilities
• Capacity planning and resource management
• Performance monitoring and optimization

11. Compliance and Certifications

We are committed to maintaining compliance with applicable security standards and regulations:

• Regular security assessments and audits
• Compliance with data protection regulations
• Industry best practice adherence
• Documentation of security controls and procedures
• Continuous improvement of security posture

12. User Responsibilities

While we implement comprehensive security measures, users also play an important role in maintaining security:

• Account Security: Choose strong, unique passwords and keep them confidential
• Multi-Factor Authentication: Enable additional security features when available
• Device Security: Keep your devices and software up to date with security patches
• Suspicious Activity: Report any suspicious activity or potential security issues immediately
• Secure Access: Do not share your account credentials with others
• Logout Procedures: Log out when finished, especially on shared or public devices

13. Vulnerability Disclosure

We welcome reports of potential security vulnerabilities from security researchers and users:

• Report vulnerabilities to: help@praskulo.com
• Provide detailed information about the vulnerability
• Allow reasonable time for us to address the issue before public disclosure
• We will acknowledge receipt and work to resolve verified issues promptly

14. Security Policy Updates

We regularly review and update this Security Policy to reflect:

• Changes in our security practices and technologies
• Emerging security threats and best practices
• Feedback from security assessments and audits
• Changes in applicable laws and regulations

The date at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically.

15. Contact Information

If you have questions, concerns, or wish to report a security issue, please contact us:

Email: help@praskulo.com

Address: Kafedralna St, 5А, 110, Zhytomyr, Zhytomyr Oblast, Ukraine, 10002

Phone: +380967392052

We take all security matters seriously and will respond to inquiries in a timely manner.

---

This Security Policy is part of our commitment to protecting your information and maintaining the trust you place in Praskulo. We continuously work to enhance our security measures and appreciate your cooperation in keeping our platform secure.