Security Policy
Last Updated: April 9, 2025
At Mydoraquell, we take the security of your data and our systems seriously. This Security Policy outlines the measures we implement to protect your information and maintain the integrity of our services.
1. Information Security Framework
We maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of client data. Our security framework is continuously reviewed and updated to address emerging threats and vulnerabilities.
1.1 Security Standards
Our security practices align with industry-recognized standards and best practices. We implement technical, administrative, and physical safeguards appropriate to the sensitivity of the information we process.
1.2 Risk Assessment
We conduct regular security risk assessments to identify potential vulnerabilities and implement appropriate controls. Our approach includes threat modeling, vulnerability scanning, and penetration testing.
2. Data Protection Measures
2.1 Encryption
All data transmitted between your device and our servers is encrypted using industry-standard Transport Layer Security (TLS) protocols. Sensitive data at rest is encrypted using strong encryption algorithms to prevent unauthorized access.
2.2 Access Controls
We implement strict access control measures to ensure that only authorized personnel can access client data. Access is granted on a need-to-know basis and is regularly reviewed and audited.
Our access control measures include:
Multi-factor authentication: Required for all administrative access
Role-based permissions: Access levels assigned based on job function
Access logging: All data access is logged and monitored
Regular reviews: Periodic audits of user permissions and access rights
2.3 Data Segregation
Client data is logically segregated to prevent unauthorized cross-access. We implement database-level controls and application-layer security to maintain data isolation.
3. Infrastructure Security
3.1 Network Security
Our network infrastructure is protected by multiple layers of security including firewalls, intrusion detection systems, and distributed denial-of-service (DDoS) protection. We monitor network traffic continuously for suspicious activity.
3.2 Server Security
All servers are hardened according to security best practices. We apply security patches promptly, disable unnecessary services, and implement host-based intrusion detection systems.
3.3 Physical Security
Our data is hosted in professionally managed data centers with robust physical security controls including access badges, video surveillance, environmental monitoring, and 24/7 security personnel.
4. Application Security
4.1 Secure Development
We follow secure coding practices throughout the software development lifecycle. Our development process includes:
Security requirements: Security considerations integrated from the design phase
Code reviews: Manual and automated security code reviews
Security testing: Regular vulnerability assessments and penetration testing
Dependency management: Regular updates of third-party libraries and components
4.2 Input Validation
All user inputs are validated and sanitized to prevent injection attacks, cross-site scripting, and other common web vulnerabilities. We implement both client-side and server-side validation controls.
4.3 Session Management
User sessions are managed securely with appropriate timeout periods, secure session tokens, and protection against session hijacking attacks.
5. Monitoring and Incident Response
5.1 Security Monitoring
We maintain continuous monitoring of our systems and networks to detect potential security incidents. Our monitoring includes:
Log aggregation: Centralized collection and analysis of security logs
Anomaly detection: Automated systems to identify unusual patterns
Alert management: Real-time notifications for security events
Threat intelligence: Integration of external threat feeds
5.2 Incident Response
We maintain a formal incident response plan to address security incidents promptly and effectively. Our incident response process includes identification, containment, eradication, recovery, and post-incident analysis.
5.3 Notification
In the event of a security incident that may affect your data, we will notify you in accordance with applicable legal requirements and our contractual obligations. Notifications will include relevant details about the incident and recommended actions.
6. Employee Security
6.1 Background Checks
All employees with access to client data undergo appropriate background checks as permitted by local law before being granted access to sensitive systems or information.
6.2 Security Training
All personnel receive regular security awareness training covering topics such as data protection, phishing awareness, password security, and incident reporting procedures.
6.3 Confidentiality Obligations
All employees and contractors are bound by confidentiality agreements that survive the termination of their employment or engagement.
7. Third-Party Security
7.1 Vendor Management
We carefully evaluate the security practices of third-party service providers before engagement. All vendors with access to client data must meet our security requirements and are subject to contractual security obligations.
7.2 Sub-processor Security
When we use sub-processors to handle client data, we ensure they provide appropriate security guarantees. We maintain a list of authorized sub-processors and conduct regular security reviews.
8. Business Continuity and Disaster Recovery
8.1 Backup Procedures
We maintain regular backups of client data to protect against data loss. Backups are encrypted, stored securely, and tested regularly to ensure recoverability.
8.2 Disaster Recovery
We have documented disaster recovery procedures to ensure the continuity of our services in the event of a major incident. Our disaster recovery plan is tested periodically and updated as needed.
8.3 Redundancy
Our infrastructure includes redundant systems and network paths to maintain service availability in the event of hardware failures or network disruptions.
9. Compliance and Auditing
9.1 Compliance Program
We maintain a compliance program to ensure adherence to applicable laws, regulations, and contractual commitments related to data security and privacy.
9.2 Security Audits
We conduct regular internal security audits and may engage third-party auditors to assess our security controls. Audit findings are addressed through formal remediation processes.
9.3 Certifications
We pursue relevant security certifications and attestations to demonstrate our commitment to information security best practices.
10. Your Security Responsibilities
10.1 Account Security
You are responsible for maintaining the security of your account credentials. We recommend using strong, unique passwords and enabling multi-factor authentication when available.
10.2 Authorized Use
You must ensure that only authorized users access our services through your account. You are responsible for the actions of all users under your account.
10.3 Security Reporting
If you discover any security vulnerability or incident related to our services, please report it immediately to our security team at help@mydoraquell.com. We appreciate responsible disclosure and will respond promptly to security reports.
11. Data Retention and Deletion
11.1 Retention Periods
We retain client data for as long as necessary to provide our services and comply with legal obligations. Retention periods vary depending on the type of data and applicable requirements.
11.2 Secure Deletion
When data is no longer required, we securely delete or anonymize it using methods that prevent recovery. Our deletion procedures comply with industry standards for secure data destruction.
12. Security Updates and Patch Management
We maintain a formal patch management process to ensure that security updates are applied promptly to all systems. Critical security patches are prioritized and deployed according to risk assessment.
Our systems are regularly updated to address known vulnerabilities and incorporate security enhancements. We balance the need for security updates with service stability and thoroughly test patches before deployment.
13. Encryption Key Management
Encryption keys are managed using industry-standard practices including secure generation, storage, rotation, and destruction. We implement appropriate controls to prevent unauthorized access to encryption keys and maintain audit trails of key usage.
14. Security by Design
Security considerations are integrated into all aspects of our service design and development. We apply the principles of security by design and privacy by default to minimize risks and protect data from the ground up.
15. Changes to This Security Policy
We may update this Security Policy periodically to reflect changes in our security practices, technologies, or legal requirements. The date at the top of this document indicates when the policy was last updated.
We encourage you to review this Security Policy regularly to stay informed about how we protect your information. Continued use of our services after changes constitutes acceptance of the updated policy.
16. Contact Information
If you have questions about this Security Policy or our security practices, please contact us:
Email: help@mydoraquell.com
Phone: +27219769611
Address: 2 Simfonie St, Tasbet Park, Emalahleni, 1040, South Africa
For security vulnerability reports or security-related inquiries, please use the email address above with the subject line "Security Issue" to ensure prompt routing to our security team.