top of page

Security Policy

1. Introduction

FlexFortis is committed to ensuring the security of our users' data and the integrity of our platform. This Security Policy outlines the measures we take to protect our website and users from unauthorized access, data breaches, and other security threats.

2. Data Protection

We employ a variety of technical, administrative, and physical safeguards to protect user data:

  • Encryption: All sensitive data, including personal information and payment details, is encrypted using industry-standard protocols.

  • Access Controls: Access to user data is restricted to authorized personnel only. We use role-based access controls to ensure that employees can only access the information necessary for their job functions.

  • Data Storage: User data is stored on secure servers with robust security measures in place to prevent unauthorized access.

3. Network Security

We implement comprehensive network security measures to protect our website and systems:

  • Firewalls: Our network is protected by firewalls that block unauthorized access while allowing legitimate traffic.

  • Intrusion Detection Systems (IDS): We use IDS to monitor network traffic for suspicious activity and potential threats.

  • Regular Updates: We ensure that all software and systems are regularly updated to protect against vulnerabilities and exploits.

4. User Account Security

We provide several features to help users protect their accounts:

  • Strong Passwords: Users are required to create strong passwords that meet complexity requirements.

  • Two-Factor Authentication (2FA): We offer 2FA to provide an additional layer of security for user accounts.

  • Account Monitoring: We monitor user accounts for unusual activity and notify users of any suspicious login attempts.

5. Incident Response

In the event of a security incident, we have a comprehensive incident response plan in place:

  • Detection and Analysis: We promptly detect and analyse security incidents to assess their impact and scope.

  • Containment and Eradication: We take immediate steps to contain the incident and eradicate the threat.

  • Recovery: We restore affected systems and data to their normal state while ensuring that vulnerabilities are addressed.

  • Notification: If a data breach occurs, we notify affected users and regulatory authorities as required by law.

6. Employee Training and Awareness

We ensure that all employees are trained on security best practices and aware of their responsibilities:

  • Regular Training: Employees receive regular training on data protection, phishing awareness, and secure handling of sensitive information.

  • Security Policies: Employees are required to follow our internal security policies and procedures.

7. Compliance

We adhere to all applicable legal and regulatory requirements related to data protection and security:

  • GDPR: For users in the European Union, we comply with the General Data Protection Regulation (GDPR).

  • CCPA: For users in California, we comply with the California Consumer Privacy Act (CCPA).

8. Continuous Improvement

We are committed to continuously improving our security measures:

  • Regular Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities.

  • User Feedback: We value user feedback and encourage users to report any security concerns.

9. Contact Us

If you have any questions or concerns about our security practices, please contact us at:

bottom of page