Security Policy
Our commitment to security and data protection
Our Security Practices
Data Encryption
All data transmitted between your browser and our servers is encrypted using industry-standard TLS 1.3 encryption. Data at rest is encrypted using AES-256 encryption.
Access Control
We implement role-based access control (RBAC) to ensure that only authorized personnel can access sensitive data. All access is logged and monitored.
Regular Security Audits
We conduct regular security audits and penetration testing to identify and address potential vulnerabilities before they can be exploited.
Secure Development
Our development team follows secure coding practices including code reviews, static analysis, and dependency scanning to prevent security issues.
Vulnerability Disclosure Policy
We believe in responsible disclosure of security vulnerabilities. If you discover a security issue, we ask that you:
- Contact us privately at info@edxtratech.com before disclosing publicly
- Provide detailed information about the vulnerability including:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any proof-of-concept code (if applicable)
- Allow reasonable time for us to investigate and address the issue (typically 90 days)
- Do not exploit the vulnerability or access user data
- Do not disrupt our services or data integrity
Our Response Timeline
Initial Response
Within 48 hours of receiving your report
Validation
Within 7 days, we'll confirm if the vulnerability is valid
Resolution
We'll work to fix critical issues within 30 days, medium issues within 60 days
Disclosure
After the fix is deployed, we'll coordinate public disclosure with you
Data Protection Measures
Technical Measures
- ✓HTTPS/TLS encryption for all data in transit
- ✓AES-256 encryption for data at rest
- ✓Multi-factor authentication (MFA)
- ✓Regular automated backups
- ✓Web Application Firewall (WAF)
Organizational Measures
- ✓Security awareness training for all staff
- ✓Background checks for employees
- ✓Incident response procedures
- ✓Regular security policy reviews
- ✓Vendor security assessments
Compliance & Standards
We are committed to maintaining compliance with relevant security standards and regulations:
- •GDPR - General Data Protection Regulation for European data protection
- •ISO 27001 - Information security management standards
- •OWASP Top 10 - Protection against common web vulnerabilities
- •IT Act 2000 - Compliance with Indian cyber law
Have a Security Concern?
If you have any questions about our security practices or need to report a vulnerability, please contact us immediately.