Effective Date: 18/02/2025
Last Updated: 08/03/2025
1. Introduction
At Convibe Ltd (“we,” “our,” “us”), security is a top priority. We are committed to protecting our website, systems, and users from unauthorized access, data breaches, and cyber threats. This Security Policy outlines the security measures we implement to safeguard our Website (www.convibe.uk) and ensure data protection.
By using our Website, you acknowledge and agree to abide by our security policies. If you suspect a security vulnerability, please report it to us immediately at hello@convibe.uk.
2. Website and Data Protection Measures
To ensure the security of our Website and your data, we have implemented the following security measures:
2.1 Encryption and Secure Communication
SSL/TLS Encryption: Our Website uses SSL (Secure Sockets Layer) certificates to encrypt communication between users and our servers. This ensures that all data transmitted remains private and secure.
End-to-End Encryption: Sensitive user data is encrypted at rest and in transit to prevent unauthorized access.
2.2 Secure Data Storage
Servers Located in the UK: We store user data on secure servers located in the UK with strict physical and digital security measures.
Access Control Policies: Only authorized personnel have access to critical systems and user data. Access is granted based on the principle of least privilege.
Regular Data Backups: We conduct frequent encrypted backups to ensure data integrity and quick recovery in case of data loss or corruption.
2.3 Threat Monitoring and Detection
Firewall Protection: We use advanced firewall systems to monitor and block unauthorized traffic.
Intrusion Detection Systems (IDS): We actively monitor network activity for suspicious behavior or potential threats.
Automated Security Audits: We perform periodic security assessments and vulnerability scans to identify potential risks and remediate them promptly.
3. User Account Security
We encourage users to take security precautions when accessing our Website. We implement the following security measures for user accounts:
3.1 Password Protection and Authentication
Strong Password Enforcement: Users must create strong passwords that meet security standards (e.g., a mix of uppercase, lowercase, numbers, and symbols).
Multi-Factor Authentication (MFA): We may implement MFA for additional protection against unauthorized access.
Account Lockout Policy: Multiple failed login attempts will trigger an automatic account lockout to prevent brute-force attacks.
3.2 Secure User Sessions
Auto-Logout Feature: Users are automatically logged out after a period of inactivity to prevent unauthorized access.
Session Encryption: All user sessions are secured with encrypted cookies and authentication tokens.
4. Protection Against Cyber Threats
Convibe Ltd employs multiple layers of protection to mitigate cyber risks, including but not limited to:
4.1 Protection Against Malware and Phishing
Malware Scanning: Our Website undergoes regular malware scans to detect and remove malicious software.
Email Security Measures: We use email authentication protocols (e.g., SPF, DKIM, DMARC) to prevent email spoofing and phishing attacks.
4.2 DDoS and Brute Force Protection
Distributed Denial of Service (DDoS) Protection: Our servers are protected against DDoS attacks to ensure Website availability.
Rate Limiting: We limit the number of requests from a single IP address to mitigate brute-force attempts.
5. Third-Party Security Measures
We collaborate with trusted third-party service providers while ensuring data security through:
Vendor Security Assessment: We only work with third-party providers that adhere to strict security policies.
Secure Payment Processing: Although we do not process payments on our Website, we recommend using payment gateways with PCI-DSS compliance.
Third-Party API Security: All integrations with third-party services undergo security review and use token-based authentication.
6. Data Breach Response Plan
Despite stringent security measures, if a data breach occurs, we follow a structured response plan:
6.1 Breach Detection and Containment
Immediate security assessment to determine the nature and scope of the breach.
Isolate affected systems to prevent further data compromise.
6.2 Notification and Reporting
Affected users will be notified within 72 hours, as required under UK GDPR.
If necessary, we will report the incident to the Information Commissioner’s Office (ICO) and other relevant authorities.
6.3 Remediation and Prevention
Investigate and patch vulnerabilities that led to the breach.
Enhance security protocols to prevent similar incidents in the future.
7. Security Best Practices for Users
To further enhance security, we recommend users:
Use unique, strong passwords for their accounts.
Enable multi-factor authentication (MFA) where applicable.
Keep their browsers and software updated to protect against security vulnerabilities.
Avoid phishing scams by verifying links before clicking and never sharing sensitive credentials.
8. Reporting Security Issues
We value security researchers and ethical hackers who help improve our security. If you discover a vulnerability or security issue, please report it immediately to security@convibe.uk. We encourage responsible disclosure and will work to resolve reported issues promptly.
9. Compliance with UK Laws and Regulations
Convibe Ltd adheres to the UK GDPR, the Data Protection Act 2018, and other relevant cybersecurity laws. Our security practices align with industry standards to ensure data protection and regulatory compliance.
10. Changes to This Security Policy
We may update this Security Policy periodically. Any changes will be communicated on our Website and, where appropriate, through email notifications.
11. Contact Information
For any security concerns or inquiries, please contact us at:
Convibe Ltd
Email: hello@convibe.uk
Website: www.convibe.uk