Last updated: November 15, 2025

Security Policy

Aktirak Corporation takes security seriously. This Security Policy outlines our practices, measures, and your responsibilities in maintaining a secure platform.

1. Infrastructure Security

Cloud Infrastructure:

  • Hosted on enterprise-grade cloud providers (AWS/Azure/GCP)
  • Geographic redundancy and failover capabilities
  • DDoS protection and traffic filtering
  • Regular infrastructure audits and updates

Network Security:

  • Firewalls and intrusion detection systems (IDS)
  • Virtual Private Cloud (VPC) isolation
  • Network segmentation and access controls
  • 24/7 security monitoring

2. Data Security

Encryption:

  • TLS 1.3 for data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups
  • Secure key management systems

Data Isolation:

  • Logical separation between customer data
  • Dedicated database instances for sensitive operations
  • No cross-tenant data access

3. Application Security

We implement security best practices in our code:

  • Regular security code reviews
  • Automated vulnerability scanning
  • SQL injection prevention (parameterized queries)
  • Cross-Site Scripting (XSS) protection
  • Cross-Site Request Forgery (CSRF) tokens
  • Content Security Policy (CSP) headers
  • Rate limiting and abuse prevention

4. Authentication and Access Control

User Authentication:

  • Strong password requirements (min 12 characters)
  • Two-factor authentication (2FA) available
  • Session management with secure cookies
  • Automatic session timeout after inactivity
  • Account lockout after failed login attempts

Access Control:

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Multi-factor authentication for administrative access
  • Regular access reviews and audits

5. AI Specialist Security

Security measures for AI interactions:

  • Prompt injection attack prevention
  • Content filtering and moderation
  • Rate limiting on AI requests
  • Isolation between user sessions
  • No persistent memory across sessions without consent

6. Payment Security

We use Stripe for secure payment processing:

  • PCI-DSS Level 1 compliant
  • We never store credit card numbers
  • Tokenized payment information
  • 3D Secure authentication support

7. Security Monitoring

Continuous monitoring and logging:

  • Real-time security event monitoring
  • Automated alert systems for anomalies
  • Comprehensive audit logs
  • Log retention for security investigations
  • Security Information and Event Management (SIEM)

8. Incident Response

Our incident response process:

  1. Detection: Automated and manual security monitoring
  2. Containment: Isolate affected systems immediately
  3. Eradication: Remove threat and patch vulnerabilities
  4. Recovery: Restore services safely
  5. Notification: Inform affected users as required
  6. Post-Incident: Review and improve security measures

9. Third-Party Security

We carefully vet all third-party services:

  • Security assessments for all vendors
  • Data Processing Agreements (DPAs)
  • Regular third-party security reviews
  • Vendor security certification requirements

10. Employee Security

Internal security practices:

  • Background checks for employees with data access
  • Regular security training and awareness programs
  • Secure development lifecycle (SDLC)
  • Separation of duties for critical operations
  • Immediate access revocation upon termination

11. Vulnerability Management

Proactive vulnerability management:

  • Regular penetration testing (quarterly)
  • Automated vulnerability scanning
  • Responsible disclosure program
  • Timely patching of security vulnerabilities
  • Security bug bounty program (coming soon)

12. Backup and Disaster Recovery

Business continuity measures:

  • Daily automated backups
  • Encrypted backup storage
  • Geographic redundancy for backups
  • Tested disaster recovery procedures
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 1 hour

13. Compliance and Certifications

We maintain compliance with:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • SOC 2 Type II (in progress)
  • ISO 27001 (planned)

14. Your Security Responsibilities

To help maintain security, you should:

  • Use strong, unique passwords
  • Enable two-factor authentication
  • Never share your account credentials
  • Report suspicious activity immediately
  • Keep your contact information current
  • Review your account activity regularly
  • Use secure networks when accessing the platform

15. Reporting Security Issues

If you discover a security vulnerability:

  • DO NOT exploit the vulnerability
  • DO NOT disclose publicly before we address it
  • Report to our security team
  • Include detailed description and steps to reproduce
  • We will acknowledge within 24 hours
  • We will provide updates on remediation progress

16. Security Contact

For security-related inquiries: