Security Policy

Last Updated: July 28, 2025

At Cavix Purath, we are committed to protecting the security and integrity of your personal information and data. This Security Policy outlines the measures we implement to safeguard your information against unauthorized access, alteration, disclosure, or destruction.

1. Information Security Framework

We maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of all data processed through our platform. Our security framework is based on industry-standard practices and is regularly reviewed and updated to address emerging threats.

2. Data Protection Measures

2.1 Technical Safeguards

We employ multiple layers of technical security controls, including:

• Encryption of data in transit using industry-standard TLS protocols
• Encryption of sensitive data at rest using strong cryptographic algorithms
• Secure authentication mechanisms and password requirements
• Regular security patches and system updates
• Firewall protection and intrusion detection systems
• Automated backup procedures and disaster recovery planning

2.2 Administrative Safeguards

Our administrative controls include:

• Designated security personnel responsible for maintaining our security program
• Regular security awareness training for all employees
• Background checks for personnel with access to sensitive systems
• Documented security policies and procedures
• Incident response and breach notification protocols

2.3 Physical Safeguards

We utilize secure data centers with physical security measures including:

• Restricted access controls and visitor management
• 24/7 surveillance and monitoring
• Environmental controls for equipment protection
• Redundant power and network connectivity

3. Access Control

Access to personal information and systems is granted based on the principle of least privilege. We implement:

• Role-based access controls limiting data access to authorized personnel only
• Multi-factor authentication for administrative access
• Regular review and audit of access permissions
• Immediate revocation of access upon termination of employment or contract
• Logging and monitoring of access to sensitive information

4. Network Security

Our network infrastructure is protected through:

• Network segmentation to isolate critical systems
• Intrusion detection and prevention systems
• Regular vulnerability scanning and penetration testing
• DDoS mitigation and traffic monitoring
• Secure configuration of all network devices

5. Application Security

We follow secure development practices including:

• Security review of code during development
• Regular security testing and vulnerability assessments
• Input validation and output encoding to prevent injection attacks
• Protection against common web application vulnerabilities
• Secure session management and authentication mechanisms

6. Third-Party Security

When engaging third-party service providers, we:

• Conduct security assessments of vendors before engagement
• Require contractual commitments to maintain appropriate security standards
• Limit data sharing to what is necessary for service delivery
• Monitor third-party compliance with security requirements
• Ensure secure data transmission and storage by vendors

7. Incident Response

We maintain an incident response plan to address security events promptly and effectively. Our procedures include:

• Detection and monitoring systems to identify potential security incidents
• Defined roles and responsibilities for incident response
• Investigation and containment procedures
• Communication protocols for affected parties
• Post-incident analysis and corrective action implementation

7.1 Breach Notification

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable legal requirements. Notification will include information about the nature of the breach, the data involved, and steps you can take to protect yourself.

8. User Responsibilities

While we implement robust security measures, users also play an important role in protecting their accounts:

• Choose strong, unique passwords and change them regularly
• Enable multi-factor authentication when available
• Keep login credentials confidential and do not share accounts
• Log out of your account when finished, especially on shared devices
• Report suspicious activity or potential security issues immediately
• Keep your contact information current for security notifications
• Be cautious of phishing attempts and verify communications from us

9. Data Retention and Disposal

We retain personal information only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. When data is no longer needed, we securely dispose of it using:

• Secure deletion methods that prevent recovery
• Physical destruction of hardware containing data when decommissioned
• Documentation of disposal activities

10. Compliance and Certifications

We are committed to maintaining compliance with applicable security standards and regulations. Our security program is designed to align with recognized frameworks and best practices in the industry.

11. Security Audits and Testing

We regularly assess our security posture through:

• Internal security audits and assessments
• Third-party security evaluations
• Penetration testing of systems and applications
• Vulnerability scanning and remediation
• Review and testing of incident response procedures

12. Employee Training

All employees receive security awareness training upon hire and on an ongoing basis. Training covers:

• Data handling and protection requirements
• Recognition of security threats and social engineering
• Incident reporting procedures
• Compliance with security policies
• Best practices for secure computing

13. Continuous Improvement

Information security is an ongoing process. We continuously monitor the threat landscape and update our security measures accordingly. This includes:

• Staying informed about emerging security threats and vulnerabilities
• Implementing new security technologies and practices
• Learning from security incidents and near-misses
• Soliciting feedback on security practices
• Regular review and update of security policies

14. Reporting Security Issues

If you discover a security vulnerability or have concerns about the security of our services, please contact us immediately at info@cavixpurath.com. We take all security reports seriously and will investigate them promptly.

When reporting a security issue, please provide:

• Description of the vulnerability or concern
• Steps to reproduce the issue if applicable
• Potential impact of the vulnerability
• Your contact information for follow-up

15. Limitations

While we implement comprehensive security measures, no system can be completely secure. We cannot guarantee absolute security of information transmitted to or stored on our systems. Users acknowledge that they provide information at their own risk.

16. Changes to This Policy

We may update this Security Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on our website with a revised effective date. Continued use of our services after changes indicates acceptance of the updated policy.

17. Contact Information

For questions, concerns, or additional information about our security practices, please contact us:

Cavix Purath
Prazka St, 30
Kyiv, Ukraine, 02091
Email: info@cavixpurath.com
Phone: +380 50 767 8490

---

Commitment to Security

Security is fundamental to our operations and our relationship with you. We are committed to maintaining the trust you place in us by continuously improving our security practices and protecting your information with the highest standards of care.