Security Policy

Last Updated: June 6, 2025

Kisqavo is committed to maintaining the security and integrity of its platform, services, and the data entrusted to us by our users. This Security Policy describes the technical and organizational measures we implement to protect our systems and your information.


1. Scope

This policy applies to all systems, infrastructure, applications, and processes operated by Kisqavo under the domain kisqavo.com. It covers all data processed through our educational platform, including data related to learners, instructors, and account holders.


2. Data Protection Principles

We follow recognized data protection principles in our security practices:

Confidentiality: Access to data is restricted to authorized personnel who require it to perform their functions.

Integrity: We take measures to ensure that data is accurate, complete, and protected from unauthorized modification.

Availability: We work to ensure our platform remains operational and accessible in accordance with our service commitments.


3. Infrastructure Security

3.1 Hosting and Network

Our platform is hosted on infrastructure that incorporates industry-standard physical and network security controls. These include firewalls, intrusion detection mechanisms, and network segmentation to reduce exposure to unauthorized access.

3.2 Encryption in Transit

All data transmitted between users and our platform is encrypted using Transport Layer Security (TLS). We require HTTPS connections across all endpoints and do not support unencrypted communication channels.

3.3 Encryption at Rest

Sensitive data stored within our systems is encrypted at rest using industry-accepted encryption standards. This applies to databases, backups, and file storage containing personal or account-related information.

3.4 Backups

We maintain regular automated backups of critical data. Backups are stored securely and tested periodically to verify that restoration is possible in the event of system failure or data loss.


4. Access Control

4.1 Authentication

Access to internal systems requires authentication using secure credentials. We enforce password complexity requirements and support multi-factor authentication where applicable for both internal staff and platform users.

4.2 Least Privilege

Access rights are granted on a least-privilege basis. Employees and systems are given only the permissions necessary to perform their designated functions. Access rights are reviewed periodically and revoked when no longer required.

4.3 Administrative Access

Administrative access to production systems is strictly controlled, logged, and monitored. Remote administrative sessions are conducted over encrypted channels only.


5. Application Security

5.1 Secure Development

Our development process incorporates security considerations at each stage. Code changes are reviewed before deployment, and we apply security testing practices to identify and remediate vulnerabilities prior to release.

5.2 Vulnerability Management

We monitor for known vulnerabilities in the software components and dependencies used by our platform. Security patches and updates are applied in a timely manner following risk assessment.

5.3 Session Management

User sessions are managed using secure, randomly generated tokens. Sessions are subject to timeout controls and are invalidated upon logout. Measures are in place to prevent session fixation and hijacking.


6. Monitoring and Logging

We maintain system and application logs to support security monitoring, incident detection, and forensic investigation. Logs are protected against unauthorized modification and are retained for a defined period consistent with our operational and legal requirements.

Automated alerting systems notify our operations team of anomalous activity, authentication failures, and other indicators of potential security incidents.


7. Incident Response

7.1 Detection and Containment

In the event of a detected or suspected security incident, we follow a documented incident response process. This includes immediate steps to contain the incident, preserve evidence, and assess the scope and impact.

7.2 Notification

Where a security incident results in unauthorized access to or disclosure of personal data, we will notify affected users and relevant authorities as required and as promptly as reasonably practicable given the circumstances.

7.3 Post-Incident Review

Following the resolution of any significant security incident, we conduct a post-incident review to identify root causes and implement measures to prevent recurrence.


8. Third-Party Services

We may engage third-party service providers to support the delivery of our platform. Where such providers process data on our behalf, we assess their security practices and enter into appropriate agreements to ensure they maintain standards consistent with this policy.

We do not sell or share your data with third parties for purposes unrelated to the operation and improvement of our services.


9. Employee Responsibilities

All Kisqavo personnel with access to platform systems or user data are required to follow our internal security policies. This includes mandatory security awareness training, adherence to acceptable use standards, and immediate reporting of any suspected security issues to the appropriate internal contact.

Personnel with access to sensitive data are subject to confidentiality obligations and undergo appropriate vetting as part of the onboarding process.


10. Physical Security

Our operational infrastructure is hosted in facilities with physical access controls, including restricted entry, surveillance, and environmental protections. Physical access to servers and networking equipment is limited to authorized personnel only.


11. User Responsibilities

Users of the Kisqavo platform share responsibility for maintaining account security. We encourage all users to:

Use strong, unique passwords for their Kisqavo accounts and avoid reusing passwords across services.

Enable multi-factor authentication if available.

Log out of sessions when using shared or public devices.

Report any suspicious activity related to their account promptly by contacting us at info@kisqavo.com.

We are not responsible for security incidents that result from a user's failure to maintain appropriate account security on their end.


12. Reporting Security Concerns

If you discover a potential security vulnerability or have a concern related to the security of our platform, we encourage responsible disclosure. Please contact our team directly at:

Email: info@kisqavo.com
Phone: +380567447797
Address: Spivdruzhnosti St, 68, Kryvyi Rih, Dnipropetrovsk Oblast, Ukraine, 50000

We will acknowledge receipt of your report and work to investigate and address any confirmed issues in a timely manner. We ask that you do not publicly disclose potential vulnerabilities until we have had a reasonable opportunity to investigate and respond.


13. Changes to This Policy

We may update this Security Policy from time to time to reflect changes in our practices, technologies, or applicable standards. When we make material changes, we will update the date at the top of this page. Continued use of our platform following any update constitutes acceptance of the revised policy.


14. Contact

If you have questions or concerns about this Security Policy or our security practices, please reach out to us at info@kisqavo.com. We are available to address your inquiries and will respond within a reasonable timeframe.