Security Policy

Last updated: 4 December 2025

Kansvector is committed to protecting the security of its platform, services, and the information entrusted to us by our users. This Security Policy describes the technical and organisational measures we implement to safeguard data and maintain the integrity of our systems.

1. Scope

This policy applies to all systems, infrastructure, and services operated by Kansvector, including web applications, databases, internal tools, and third-party integrations used to deliver our educational platform.

2. Data Protection

2.1 Encryption in Transit

All data transmitted between users and our platform is encrypted using Transport Layer Security (TLS 1.2 or higher). We do not support deprecated or insecure protocol versions.

2.2 Encryption at Rest

Sensitive data stored on our systems is encrypted at rest using industry-standard encryption algorithms. This includes user credentials, personal information, and session data.

2.3 Password Security

User passwords are never stored in plain text. All passwords are processed using a strong, salted hashing algorithm before storage. We enforce minimum password complexity requirements and support secure credential recovery processes.

3. Access Control

3.1 Principle of Least Privilege

Access to systems and data is granted on a need-to-know basis. Internal staff are assigned the minimum level of access required to perform their duties.

3.2 Authentication

Administrative and internal systems require strong authentication. We encourage the use of multi-factor authentication (MFA) across all privileged accounts and provide MFA options for user accounts where available.

3.3 Access Reviews

Access permissions are reviewed periodically. Access is revoked promptly when an individual's role changes or their engagement with the organisation ends.

4. Infrastructure Security

4.1 Network Security

Our infrastructure is protected by firewalls, network segmentation, and intrusion detection mechanisms. Unused ports and services are disabled by default.

4.2 Vulnerability Management

We perform regular security assessments, including vulnerability scans and patch management. Critical and high-severity vulnerabilities are prioritised for remediation.

4.3 Software Dependencies

Third-party libraries and software components are monitored for known vulnerabilities. Updates and patches are applied in a timely manner following security disclosures.

5. Application Security

Our development practices incorporate security at each stage of the software lifecycle. This includes secure coding standards, code review processes, and testing for common vulnerabilities such as those listed in the OWASP Top Ten. Input validation and output encoding are applied throughout the application to prevent injection attacks and cross-site scripting.

6. Incident Response

We maintain an incident response plan to detect, contain, and recover from security incidents in a timely manner. In the event of a confirmed security breach that affects user data, we will notify affected parties as required and take appropriate remediation steps. Post-incident reviews are conducted to identify root causes and improve controls.

7. Monitoring and Logging

System activity and access events are logged and monitored to detect anomalous behaviour. Logs are retained for a defined period and are protected against unauthorised modification. Monitoring covers both application-level events and infrastructure activity.

8. Third-Party Services

Where we engage third-party providers to support our platform, we assess their security practices before engagement. Data shared with third parties is limited to what is necessary for the service provided. We require third parties to maintain appropriate security standards and confidentiality obligations.

9. Physical Security

Our platform is hosted in data centres that maintain physical access controls, environmental protections, and operational redundancy. Physical access to servers and infrastructure is restricted to authorised personnel only.

10. Data Retention and Disposal

Data is retained only for as long as necessary for the purposes for which it was collected or as required by applicable obligations. When data is no longer required, it is securely deleted or destroyed in a manner that prevents recovery.

11. Business Continuity

We maintain backup procedures and recovery plans to ensure continuity of service in the event of a system failure or disruptive incident. Backups are tested periodically to verify their integrity and restorability.

12. Employee Responsibilities

All staff with access to systems or user data are informed of their security responsibilities. Personnel handling sensitive information receive guidance on secure practices, including data handling, device security, and recognising social engineering attempts.

13. Responsible Disclosure

We welcome responsible disclosure from security researchers and the broader community. If you believe you have identified a security vulnerability in our platform, please contact us at info@kansvector.vip before making any disclosure public. We will investigate all credible reports and respond in good faith. We ask that researchers avoid actions that could compromise user data or platform availability during their investigation.

14. Policy Updates

This Security Policy may be updated from time to time to reflect changes in our practices, technology, or applicable requirements. The date at the top of this document indicates when the policy was last revised. We encourage users to review this page periodically.

15. Contact

For questions or concerns relating to this policy, please contact us:

Kansvector
1 Catchpole St, Macquarie, ACT, 2614, Australia
Email: info@kansvector.vip
Phone: +61 2 9622 3093