Security Policy

Last updated: 24 June 2025

Promoenergia is committed to protecting the security of its platform, user data, and digital infrastructure. This Security Policy describes the measures taken to safeguard information processed through promoenergia.vip and the responsibilities shared between the platform and its users.

1. Scope

This policy applies to all systems, services, and data managed by Promoenergia, including the website located at promoenergia.vip, all associated subdomains, application interfaces, and backend infrastructure supporting the delivery of educational content and interactive assessments.

2. Data Protection and Encryption

2.1 Data in Transit

All communications between users and the platform are encrypted using industry-standard Transport Layer Security (TLS). Unencrypted connections are redirected to secure equivalents to ensure data integrity throughout transmission.

2.2 Data at Rest

Sensitive data stored within platform systems is encrypted using established encryption standards. Access to stored data is restricted to authorised personnel only and governed by role-based access controls.

3. Access Control

Access to platform infrastructure and administrative systems is governed by the principle of least privilege. Only personnel with a verified operational need are granted access to sensitive systems. Access rights are reviewed periodically and revoked promptly upon change of role or departure.

Multi-factor authentication is enforced for all privileged accounts and administrative interfaces. Shared credentials are prohibited across all internal systems.

4. Authentication and Account Security

User accounts are protected through secure authentication mechanisms. Passwords are stored using one-way cryptographic hashing with appropriate salting. The platform enforces minimum password complexity requirements and provides users with the ability to manage their authentication credentials.

Users are responsible for maintaining the confidentiality of their login credentials. Any suspected unauthorised access should be reported immediately to contact@promoenergia.vip .

5. Infrastructure Security

5.1 Network Security

Platform infrastructure is protected by firewalls, intrusion detection mechanisms, and network segmentation. Traffic is monitored for anomalous patterns and potential threats. Unnecessary ports and services are disabled by default.

5.2 Server Hardening

Servers are configured according to security hardening guidelines. Default credentials are replaced, unnecessary software is removed, and operating systems and dependencies are kept up to date with security patches.

5.3 Third-Party Services

Where third-party services or integrations are used, they are assessed for security compliance prior to adoption. Data shared with third parties is limited to what is strictly necessary for the function being performed.

6. Vulnerability Management

The platform undergoes periodic security assessments and vulnerability scans. Identified vulnerabilities are triaged by severity and addressed within timeframes proportionate to the associated risk. Critical vulnerabilities are prioritised for immediate remediation.

Promoenergia welcomes responsible disclosure of security vulnerabilities. If you discover a potential security issue, please contact us at contact@promoenergia.vip before public disclosure to allow time for investigation and remediation.

7. Security Incident Response

A documented incident response process is in place to handle security events in a timely and organised manner. Upon detection of a confirmed security incident, the following steps are taken:

Where an incident results in a breach of personal data, affected users and relevant parties will be notified in accordance with applicable obligations and within reasonable timeframes.

8. Monitoring and Logging

Platform activity is logged to support security monitoring, incident investigation, and audit purposes. Logs are stored securely, protected from unauthorised modification, and retained for a defined period consistent with operational and legal requirements. Automated alerts are configured for events indicative of suspicious or anomalous behaviour.

9. Physical Security

Infrastructure supporting the platform is hosted in facilities that maintain physical access controls, environmental protections, and operational redundancy. Physical access to servers is restricted to authorised personnel of the relevant hosting provider.

10. Business Continuity and Backups

Regular backups of platform data are performed and stored in a secure, geographically separated environment. Backup integrity is verified periodically. Recovery procedures are documented and tested to ensure the platform can be restored within acceptable timeframes following a disruptive event.

11. Employee and Contractor Security

Personnel with access to platform systems or user data are subject to confidentiality obligations. Security awareness is maintained through periodic training on current threats, safe handling of data, and compliance with internal security requirements. Access is provisioned strictly in accordance with job responsibilities.

12. Software Development Security

Security considerations are incorporated throughout the software development lifecycle. Code changes are reviewed prior to deployment, and production environments are logically separated from development and testing environments. Known vulnerable dependencies are identified and updated as part of routine maintenance.

13. User Responsibilities

Users of the platform share responsibility for maintaining security. Users are expected to:

14. Changes to This Policy

This Security Policy may be updated from time to time to reflect changes in technology, operational practices, or applicable requirements. The date at the top of this page indicates when the policy was last revised. Continued use of the platform following any update constitutes acceptance of the revised policy.

15. Contact

Questions or concerns regarding this Security Policy may be directed to Promoenergia using the following contact details: