Security Policy
Last Updated: January 22, 2025
At Nipaxer, we are committed to protecting the security and integrity of our systems, user data, and educational content. This Security Policy outlines the measures we implement to safeguard our platform and the responsibilities of our users in maintaining a secure environment.
Information Security Framework
We employ a comprehensive security framework designed to protect all aspects of our educational platform. Our approach encompasses technical, administrative, and physical security controls that work together to defend against unauthorized access, data breaches, and other security threats.
Data Protection Measures
All data transmitted between your device and our servers is encrypted using industry-standard Transport Layer Security protocols. We implement encryption both in transit and at rest to ensure that your personal information, learning progress, and account credentials remain confidential and protected from unauthorized access.
Our database systems are secured with multiple layers of protection including access controls, encryption, and regular security audits. We maintain strict separation between production and development environments to prevent accidental data exposure.
Access Control
Access to our systems and user data is restricted based on the principle of least privilege. Our team members receive access only to the information and systems necessary to perform their specific roles. All administrative access is logged, monitored, and regularly reviewed.
We implement multi-factor authentication for all administrative accounts and strongly encourage our users to enable additional security features on their accounts. Password policies enforce strong password requirements including minimum length and complexity standards.
Infrastructure Security
Our platform infrastructure is hosted with reputable service providers who maintain comprehensive security certifications and compliance standards. We utilize firewalls, intrusion detection systems, and network segmentation to protect our systems from external threats.
Regular security assessments and vulnerability scans are conducted to identify and remediate potential weaknesses. We maintain up-to-date software versions and apply security patches promptly to address known vulnerabilities.
Application Security
Our development practices incorporate security at every stage of the software development lifecycle. We conduct code reviews, security testing, and vulnerability assessments before deploying new features or updates to our production environment.
Input validation, output encoding, and parameterized queries are implemented throughout our application to prevent common security vulnerabilities such as injection attacks, cross-site scripting, and other web application threats.
Monitoring and Incident Response
We maintain continuous monitoring of our systems to detect and respond to security incidents promptly. Our security team analyzes logs, monitors for suspicious activities, and investigates potential security events in real time.
Incident Management
In the event of a security incident, we follow a structured incident response plan that includes:
- Immediate containment and assessment of the incident
- Investigation to determine the scope and impact
- Remediation of identified vulnerabilities
- Notification of affected users when required
- Post-incident review and implementation of preventive measures
We are committed to transparent communication with our users regarding security incidents that may affect their data or access to our services.
User Responsibilities
Security is a shared responsibility. We ask our users to take appropriate measures to protect their accounts and information:
Account Security
- Choose strong, unique passwords for your Nipaxer account
- Never share your login credentials with others
- Log out from your account when using shared or public devices
- Enable multi-factor authentication when available
- Report suspicious activities or unauthorized access immediately
Safe Usage Practices
- Keep your devices and browsers updated with the latest security patches
- Use reputable antivirus and security software
- Be cautious of phishing attempts or suspicious communications claiming to be from Nipaxer
- Verify that you are accessing our legitimate website at nipaxer.com
- Do not download or execute files from untrusted sources
Third-Party Services
We carefully evaluate the security practices of third-party service providers before integrating their services into our platform. All third-party vendors handling user data are required to maintain appropriate security standards and comply with our security requirements.
Our use of third-party services is limited to those essential for platform functionality, and we regularly review vendor security practices to ensure continued compliance with our standards.
Data Backup and Recovery
We maintain regular backups of all critical data to ensure business continuity and data recovery capabilities. Backup systems are secured with the same level of protection as production systems and are tested regularly to verify recovery procedures.
Our disaster recovery plan includes procedures for restoring services and data in the event of system failures, natural disasters, or other catastrophic events.
Security Audits and Compliance
We conduct regular internal security audits and assessments to evaluate the effectiveness of our security controls. External security assessments may be performed periodically by independent security professionals to provide objective validation of our security posture.
While we maintain security practices aligned with industry standards and best practices, we continuously evolve our security program to address emerging threats and incorporate new protective technologies.
Employee Security
All Nipaxer employees and contractors receive security awareness training upon joining and participate in ongoing security education programs. Our team members are required to comply with security policies and procedures designed to protect company and user information.
Background checks are conducted for employees with access to sensitive systems or user data, in accordance with applicable laws and regulations.
Vulnerability Disclosure
We welcome reports from security researchers and users who discover potential security vulnerabilities in our platform. If you identify a security issue, please report it responsibly by contacting us at contact@nipaxer.com.
When reporting vulnerabilities, please provide:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Your contact information for follow-up
We request that you do not publicly disclose the vulnerability until we have had reasonable time to investigate and address the issue. We commit to acknowledging receipt of vulnerability reports promptly and providing updates on remediation progress.
Physical Security
Our office facilities at Holovna St, 246, Chernivtsi, implement appropriate physical security controls including access restrictions, surveillance systems, and visitor management procedures. Access to areas containing sensitive information or systems is limited to authorized personnel.
Data Retention and Disposal
We retain user data only for as long as necessary to provide our services and comply with legal obligations. When data is no longer needed, it is securely deleted or anonymized using methods that prevent recovery or reconstruction.
Hardware containing sensitive data is properly sanitized or physically destroyed before disposal or repurposing, following industry-standard data destruction practices.
Security Policy Updates
This Security Policy may be updated periodically to reflect changes in our security practices, technologies, or regulatory requirements. The date of the last update is indicated at the top of this policy.
We encourage users to review this policy regularly to stay informed about how we protect your information and our platform. Significant changes to our security practices will be communicated through appropriate channels.
Contact Information
For security-related questions, concerns, or to report security incidents, please contact us:
Email: contact@nipaxer.com
Phone: +380661770807
Address: Holovna St, 246, Chernivtsi, Chernivtsi Oblast, Ukraine, 58000
We take all security matters seriously and will respond to your inquiries as promptly as possible.