Security Policy
Last updated: 4 December 2025
Kansvector is committed to protecting the security of its platform, services, and the information entrusted to us by our users. This Security Policy describes the technical and organisational measures we implement to safeguard data and maintain the integrity of our systems.
1. Scope
This policy applies to all systems, infrastructure, and services operated by Kansvector, including web applications, databases, internal tools, and third-party integrations used to deliver our educational platform.
2. Data Protection
2.1 Encryption in Transit
All data transmitted between users and our platform is encrypted using Transport Layer Security (TLS 1.2 or higher). We do not support deprecated or insecure protocol versions.
2.2 Encryption at Rest
Sensitive data stored on our systems is encrypted at rest using industry-standard encryption algorithms. This includes user credentials, personal information, and session data.
2.3 Password Security
User passwords are never stored in plain text. All passwords are processed using a strong, salted hashing algorithm before storage. We enforce minimum password complexity requirements and support secure credential recovery processes.
3. Access Control
3.1 Principle of Least Privilege
Access to systems and data is granted on a need-to-know basis. Internal staff are assigned the minimum level of access required to perform their duties.
3.2 Authentication
Administrative and internal systems require strong authentication. We encourage the use of multi-factor authentication (MFA) across all privileged accounts and provide MFA options for user accounts where available.
3.3 Access Reviews
Access permissions are reviewed periodically. Access is revoked promptly when an individual's role changes or their engagement with the organisation ends.
4. Infrastructure Security
4.1 Network Security
Our infrastructure is protected by firewalls, network segmentation, and intrusion detection mechanisms. Unused ports and services are disabled by default.
4.2 Vulnerability Management
We perform regular security assessments, including vulnerability scans and patch management. Critical and high-severity vulnerabilities are prioritised for remediation.
4.3 Software Dependencies
Third-party libraries and software components are monitored for known vulnerabilities. Updates and patches are applied in a timely manner following security disclosures.
5. Application Security
Our development practices incorporate security at each stage of the software lifecycle. This includes secure coding standards, code review processes, and testing for common vulnerabilities such as those listed in the OWASP Top Ten. Input validation and output encoding are applied throughout the application to prevent injection attacks and cross-site scripting.
6. Incident Response
We maintain an incident response plan to detect, contain, and recover from security incidents in a timely manner. In the event of a confirmed security breach that affects user data, we will notify affected parties as required and take appropriate remediation steps. Post-incident reviews are conducted to identify root causes and improve controls.
7. Monitoring and Logging
System activity and access events are logged and monitored to detect anomalous behaviour. Logs are retained for a defined period and are protected against unauthorised modification. Monitoring covers both application-level events and infrastructure activity.
8. Third-Party Services
Where we engage third-party providers to support our platform, we assess their security practices before engagement. Data shared with third parties is limited to what is necessary for the service provided. We require third parties to maintain appropriate security standards and confidentiality obligations.
9. Physical Security
Our platform is hosted in data centres that maintain physical access controls, environmental protections, and operational redundancy. Physical access to servers and infrastructure is restricted to authorised personnel only.
10. Data Retention and Disposal
Data is retained only for as long as necessary for the purposes for which it was collected or as required by applicable obligations. When data is no longer required, it is securely deleted or destroyed in a manner that prevents recovery.
11. Business Continuity
We maintain backup procedures and recovery plans to ensure continuity of service in the event of a system failure or disruptive incident. Backups are tested periodically to verify their integrity and restorability.
12. Employee Responsibilities
All staff with access to systems or user data are informed of their security responsibilities. Personnel handling sensitive information receive guidance on secure practices, including data handling, device security, and recognising social engineering attempts.
13. Responsible Disclosure
We welcome responsible disclosure from security researchers and the broader community. If you believe you have identified a security vulnerability in our platform, please contact us at info@kansvector.vip before making any disclosure public. We will investigate all credible reports and respond in good faith. We ask that researchers avoid actions that could compromise user data or platform availability during their investigation.
14. Policy Updates
This Security Policy may be updated from time to time to reflect changes in our practices, technology, or applicable requirements. The date at the top of this document indicates when the policy was last revised. We encourage users to review this page periodically.
15. Contact
For questions or concerns relating to this policy, please contact us:
Kansvector
1 Catchpole St, Macquarie, ACT, 2614, Australia
Email: info@kansvector.vip
Phone: +61 2 9622 3093