ACKTECK

Security Policy

Our protection measures for your security and your data

Last updated: September 14, 2025
Version: 2.1

1. Introduction

Security is at the heart of ACKTECK's DNA. As a cybersecurity solutions publisher, we apply the highest security standards to our own infrastructure and processes.

This policy describes the technical and organizational measures implemented to protect CyberDash and our users' data.

🔒 Security by design principle

Security is integrated from the design of each feature, following "Security by Design" and "Privacy by Design" principles.

2. Infrastructure Security

2.1 Secure Hosting

🏢 OVH Datacenter (France)
  • ISO 27001 and SOC 2 Type II certified
  • 24/7 physical security
  • Power and network redundancy
  • Biometric access control

2.2 Network Architecture

  • Application firewall (WAF) and network firewall
  • Integrated DDoS protection
  • Secure VPN for administrator access

2.3 Servers and Systems

  • Regular security patching
  • Antivirus and anti-malware
  • Centralized logs
  • Daily backups

3. Application Security

3.1 OWASP Top 10 Protection

  • SQL injection protection
  • Data validation and escaping
  • Secure session management
  • Security headers (HSTS, CSP, etc.)
  • Rate limiting and abuse protection

3.2 Encryption

  • In transit: TLS 1.3 minimum
  • At rest: AES-256 for sensitive data

4. Data Protection

4.1 Data Classification

🔴 Critical Data
  • Passwords
  • Payment data
  • API keys

🟡 Sensitive Data
  • Personal data
  • Analysis results
  • User logs

4.2 Protection Measures

  • Encryption applied according to data criticality
  • Pseudonymization of analytics data
  • Automatic deletion according to retention policies
  • Geographically distributed encrypted backup

4.3 GDPR Compliance

  • Integrated Privacy by Design
  • Processing registry maintained
  • Procedures for responding to data subject rights requests
  • Data Protection Impact Assessments (DPIA) performed

5. Access Control

5.1 User Authentication

🔐 Multi-factor authentication (MFA)
  • TOTP (Google Authenticator, Authy)
  • WebAuthn / FIDO2 (security keys)
  • Biometric authentication

5.2 Internal Access Management

  • Least privilege principle applied
  • Role-based access (RBAC)
  • Mandatory strong authentication for administrators
  • Time-limited administrator sessions
  • Complete audit trail of all access

6. Monitoring

6.1 Monitored Metrics

  • Abnormal connection attempts
  • Suspicious account activities
  • Network traffic anomalies
  • Performance and availability
  • Data integrity

7. Incident Management

7.1 Response Process

⚠️ Security incident procedure
  1. Detection: Automatic or manual identification
  2. Analysis: Qualification and impact assessment
  3. Containment: Isolation to prevent spread
  4. Eradication: Root cause removal
  5. Recovery: Service restoration
  6. Post-incident: Analysis and improvement

7.2 Incident Communication

  • Customer notification within 72 hours if data is affected
  • Transparent status communication
  • Published post-incident report

7.3 Business Continuity

  • Disaster recovery plan (DRP)
  • Geographically distributed backup

8. Compliance and Certifications

  • GDPR: data protection compliance

8.1 Security Audits

  • Regular audits
  • Continuous risk assessment

9. Training and Awareness

9.1 ACKTECK Teams

  • Mandatory security training for all employees
  • Security certification for developers
  • Regular phishing tests
  • Continuous knowledge updates

9.2 CyberDash Users

  • Security best practice guides
  • Security notifications in the application
  • Personalized recommendations

Security Contact

ACKTECK CISO: [email protected]
PGP Key: Download