Security Policy
Last updated: 24 June 2025
Promoenergia is committed to protecting the security of its platform, user data, and digital infrastructure. This Security Policy describes the measures taken to safeguard information processed through promoenergia.vip and the responsibilities shared between the platform and its users.
1. Scope
This policy applies to all systems, services, and data managed by Promoenergia, including the website located at promoenergia.vip, all associated subdomains, application interfaces, and backend infrastructure supporting the delivery of educational content and interactive assessments.
2. Data Protection and Encryption
2.1 Data in Transit
All communications between users and the platform are encrypted using industry-standard Transport Layer Security (TLS). Unencrypted connections are redirected to secure equivalents to ensure data integrity throughout transmission.
2.2 Data at Rest
Sensitive data stored within platform systems is encrypted using established encryption standards. Access to stored data is restricted to authorised personnel only and governed by role-based access controls.
3. Access Control
Access to platform infrastructure and administrative systems is governed by the principle of least privilege. Only personnel with a verified operational need are granted access to sensitive systems. Access rights are reviewed periodically and revoked promptly upon change of role or departure.
Multi-factor authentication is enforced for all privileged accounts and administrative interfaces. Shared credentials are prohibited across all internal systems.
4. Authentication and Account Security
User accounts are protected through secure authentication mechanisms. Passwords are stored using one-way cryptographic hashing with appropriate salting. The platform enforces minimum password complexity requirements and provides users with the ability to manage their authentication credentials.
Users are responsible for maintaining the confidentiality of their login credentials. Any suspected unauthorised access should be reported immediately to contact@promoenergia.vip .
5. Infrastructure Security
5.1 Network Security
Platform infrastructure is protected by firewalls, intrusion detection mechanisms, and network segmentation. Traffic is monitored for anomalous patterns and potential threats. Unnecessary ports and services are disabled by default.
5.2 Server Hardening
Servers are configured according to security hardening guidelines. Default credentials are replaced, unnecessary software is removed, and operating systems and dependencies are kept up to date with security patches.
5.3 Third-Party Services
Where third-party services or integrations are used, they are assessed for security compliance prior to adoption. Data shared with third parties is limited to what is strictly necessary for the function being performed.
6. Vulnerability Management
The platform undergoes periodic security assessments and vulnerability scans. Identified vulnerabilities are triaged by severity and addressed within timeframes proportionate to the associated risk. Critical vulnerabilities are prioritised for immediate remediation.
Promoenergia welcomes responsible disclosure of security vulnerabilities. If you discover a potential security issue, please contact us at contact@promoenergia.vip before public disclosure to allow time for investigation and remediation.
7. Security Incident Response
A documented incident response process is in place to handle security events in a timely and organised manner. Upon detection of a confirmed security incident, the following steps are taken:
- Containment of the affected systems or services
- Assessment of the scope and impact of the incident
- Eradication of the root cause
- Recovery of affected systems to normal operation
- Post-incident review and documentation
Where an incident results in a breach of personal data, affected users and relevant parties will be notified in accordance with applicable obligations and within reasonable timeframes.
8. Monitoring and Logging
Platform activity is logged to support security monitoring, incident investigation, and audit purposes. Logs are stored securely, protected from unauthorised modification, and retained for a defined period consistent with operational and legal requirements. Automated alerts are configured for events indicative of suspicious or anomalous behaviour.
9. Physical Security
Infrastructure supporting the platform is hosted in facilities that maintain physical access controls, environmental protections, and operational redundancy. Physical access to servers is restricted to authorised personnel of the relevant hosting provider.
10. Business Continuity and Backups
Regular backups of platform data are performed and stored in a secure, geographically separated environment. Backup integrity is verified periodically. Recovery procedures are documented and tested to ensure the platform can be restored within acceptable timeframes following a disruptive event.
11. Employee and Contractor Security
Personnel with access to platform systems or user data are subject to confidentiality obligations. Security awareness is maintained through periodic training on current threats, safe handling of data, and compliance with internal security requirements. Access is provisioned strictly in accordance with job responsibilities.
12. Software Development Security
Security considerations are incorporated throughout the software development lifecycle. Code changes are reviewed prior to deployment, and production environments are logically separated from development and testing environments. Known vulnerable dependencies are identified and updated as part of routine maintenance.
13. User Responsibilities
Users of the platform share responsibility for maintaining security. Users are expected to:
- Keep login credentials confidential and not share account access
- Use strong, unique passwords for their platform accounts
- Report any suspicious activity or suspected unauthorised access promptly
- Ensure that devices used to access the platform are reasonably protected
- Refrain from attempting to probe, scan, or exploit platform systems
14. Changes to This Policy
This Security Policy may be updated from time to time to reflect changes in technology, operational practices, or applicable requirements. The date at the top of this page indicates when the policy was last revised. Continued use of the platform following any update constitutes acceptance of the revised policy.
15. Contact
Questions or concerns regarding this Security Policy may be directed to Promoenergia using the following contact details:
- Email: contact@promoenergia.vip
- Phone: +61 8 8985 4078
- Address: 39-41 Lower Fort St, Dawes Point NSW 2000, Australia