Security Policy

All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security). Sensitive information stored in our databases is encrypted at rest using AES-256 (Advanced Encryption Standard). We also encrypt backups and any data shared with trusted third‑party service providers.

Our infrastructure is hosted on secure, ISO 27001‑certified cloud platforms (Google Cloud Platform, AWS, Kinsta). We implement:

• DDoS Protection: Multi‑layer distributed denial‑of‑service mitigation.
• Firewalls & IDS/IPS: Next‑gen firewalls and intrusion detection/prevention systems.
• Regular Vulnerability Scans: Automated and manual penetration testing.
• Web Application Firewall (WAF): Blocks malicious requests and SQL injection attempts.

We enforce the principle of least privilege and implement:

• Multi‑Factor Authentication (MFA): Required for all staff and admins.
• Role‑Based Access Control (RBAC): Permissions are granted only as needed.
• Regular Access Reviews: Quarterly audits of user privileges.
• Strong Password Policies: Minimum complexity, rotation, and secure storage (bcrypt/Argon2).

Our security operations centre (SOC) monitors systems 24/7 for anomalous activity. We maintain an incident response plan that includes immediate containment, forensic analysis, and notification of affected users and regulators as required by law (e.g., GDPR 72‑hour breach notification).

We perform automated daily backups of all critical systems and databases. Backups are encrypted and stored in geographically redundant locations. Our disaster recovery plan ensures minimal downtime (RTO < 4 hours) and near‑zero data loss (RPO < 24 hours).

All third‑party service providers undergo thorough security assessments and must sign data processing agreements (DPAs) that require compliance with GDPR, CCPA, and other applicable regulations.

Users play a role in keeping their data safe:

• Use strong, unique passwords.
• Enable MFA where available.
• Report suspicious activity to icreatixpro@gmail.com.

iCreatixPRO maintains compliance with:

• GDPR (EU/UK) – Data protection and breach notification.
• CCPA/CPRA (California) – Consumer privacy rights.
• UAE PDPL – Local data protection law.
• PCI DSS (Level 1) – For any payment transactions (via secure payment gateways).

If you discover a security vulnerability in our systems, please report it to icreatixpro@gmail.com. We operate a responsible disclosure policy.

This Security Policy may be updated from time to time. The “Last updated” date indicates when the policy was last revised. Please review this page periodically.