Security Policy
Last Updated: March 4, 2025
At Reltrona, we are committed to protecting the security and integrity of your personal information and our systems. This Security Policy outlines the measures we implement to safeguard data and maintain a secure environment for our mentorship platform.
1. Information Security Framework
We maintain a comprehensive information security program designed to protect against unauthorized access, disclosure, alteration, or destruction of data. Our security practices are regularly reviewed and updated to address emerging threats and vulnerabilities.
1.1 Security Governance
We have established clear security policies, procedures, and standards that govern how we collect, process, store, and transmit information. Our security framework includes:
- Regular security assessments and audits
- Incident response and management procedures
- Business continuity and disaster recovery planning
- Continuous monitoring and threat detection
2. Data Protection Measures
2.1 Encryption
We employ industry-standard encryption protocols to protect data both in transit and at rest:
- All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) protocols
- Sensitive data stored in our databases is encrypted using advanced encryption standards
- Encryption keys are managed securely with restricted access controls
2.2 Access Controls
We implement strict access control measures to ensure that only authorized personnel can access sensitive information:
- Role-based access control (RBAC) limiting data access based on job function
- Multi-factor authentication for administrative and sensitive system access
- Regular access reviews and prompt revocation of access for departed personnel
- Principle of least privilege applied across all systems
2.3 Network Security
Our network infrastructure is protected through multiple layers of security controls:
- Firewalls and intrusion detection systems
- Network segmentation to isolate sensitive systems
- Regular vulnerability scanning and penetration testing
- DDoS protection and traffic filtering
3. Application Security
3.1 Secure Development
We follow secure coding practices throughout our development lifecycle:
- Security requirements integrated into the design phase
- Code reviews with security considerations
- Regular security testing including static and dynamic analysis
- Dependency scanning to identify vulnerable third-party components
3.2 Authentication and Session Management
We implement robust authentication mechanisms to verify user identity:
- Strong password requirements and secure password storage using cryptographic hashing
- Session timeout controls to prevent unauthorized access
- Protection against common authentication attacks
- Secure password reset mechanisms
3.3 Input Validation and Output Encoding
We validate and sanitize all user inputs to prevent injection attacks and other exploits. All outputs are properly encoded to prevent cross-site scripting and similar vulnerabilities.
4. Infrastructure Security
4.1 Hosting and Physical Security
Our services are hosted with reputable cloud infrastructure providers who maintain:
- Physical security controls including restricted access to data centers
- Environmental controls for power, cooling, and fire suppression
- Geographic redundancy for business continuity
- Compliance with recognized security standards and certifications
4.2 System Monitoring
We continuously monitor our systems for security events and anomalies:
- Automated logging of security-relevant events
- Real-time alerting for potential security incidents
- Regular log review and analysis
- Security information and event management (SIEM) capabilities
5. Vendor and Third-Party Security
We carefully evaluate the security practices of third-party vendors and service providers:
- Due diligence assessments before engaging vendors
- Contractual requirements for security and data protection
- Regular review of vendor security practices
- Limited data sharing based on necessity
6. Employee Security
6.1 Personnel Screening
We conduct appropriate background checks on employees with access to sensitive systems and data, in accordance with applicable laws.
6.2 Security Training
All personnel receive security awareness training covering:
- Data protection principles and requirements
- Identification of phishing and social engineering attempts
- Secure handling of sensitive information
- Incident reporting procedures
6.3 Confidentiality Obligations
Employees and contractors are bound by confidentiality agreements and are required to protect the confidentiality and security of information they access.
7. Incident Response
7.1 Incident Management
We maintain an incident response plan to address security incidents promptly and effectively:
- Clearly defined roles and responsibilities
- Procedures for incident detection, analysis, and containment
- Communication protocols for affected parties
- Post-incident review and remediation
7.2 Breach Notification
In the event of a data breach that affects your personal information, we will notify you in accordance with applicable legal requirements. Notification will include:
- Description of the incident and affected data
- Steps we are taking to address the breach
- Recommended actions you can take to protect yourself
- Contact information for questions and support
8. Business Continuity and Disaster Recovery
We maintain business continuity and disaster recovery plans to ensure service availability and data protection:
- Regular backups of critical data and systems
- Redundant infrastructure and failover capabilities
- Documented recovery procedures and recovery time objectives
- Regular testing of backup and recovery processes
9. Compliance and Certifications
We strive to align our security practices with recognized standards and frameworks, including:
- ISO 27001 principles for information security management
- OWASP guidelines for web application security
- Industry best practices for data protection
10. User Responsibilities
While we implement comprehensive security measures, users also play an important role in maintaining security:
- Use strong, unique passwords for your account
- Keep your login credentials confidential
- Log out of your account when using shared devices
- Keep your contact information current for security notifications
- Report suspicious activity or security concerns promptly
- Keep your devices and software updated with security patches
11. Payment Security
For payment processing, we utilize trusted third-party payment processors that comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. We do not store complete payment card information on our servers.
12. Data Retention and Secure Disposal
We retain data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law. When data is no longer needed, we securely delete or anonymize it using appropriate methods to prevent unauthorized recovery.
13. Security Updates and Maintenance
We regularly update our systems and applications to address security vulnerabilities:
- Timely application of security patches
- Regular updates to security controls and monitoring tools
- Scheduled maintenance windows communicated in advance
- Emergency maintenance for critical security issues
14. Limitations
While we implement robust security measures, no system can be completely secure. We cannot guarantee absolute security and are not responsible for:
- Unauthorized access resulting from user actions (e.g., sharing passwords)
- Security vulnerabilities in user devices or networks
- Acts of third parties beyond our reasonable control
- Security incidents affecting third-party services integrated with our platform
15. Reporting Security Concerns
We encourage responsible disclosure of security vulnerabilities. If you discover a potential security issue, please report it to us immediately:
Email: help@reltrona.online
Please include:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Your contact information for follow-up
We request that you do not publicly disclose the vulnerability until we have had reasonable time to address it.
16. Changes to This Policy
We may update this Security Policy periodically to reflect changes in our security practices or legal requirements. We will post the updated policy on our website with a revised "Last Updated" date. Continued use of our services after such changes constitutes acceptance of the updated policy.
17. Contact Information
If you have questions or concerns about our security practices, please contact us:
Reltrona
2 Kingsknowe Ct, Edinburgh EH14 2JS, United Kingdom
Phone: +441582723430
Email: help@reltrona.online