Security Policy

This Policy has been established to:

• protect the personal data and account information of Platform users
• maintain the security, stability and reliability of the Platform's information systems
• minimise the likelihood and impact of security incidents
• ensure the continuity of services provided through the Platform
• foster and maintain user trust through transparent security practices

Security controls implemented by ALTIVOR INSTITUTE are applied to protect the following assets and systems:

• personal data and account information of registered and prospective users
• authentication credentials and access control mechanisms
• server infrastructure, databases and backend systems
• electronic communications transmitted to and from the Platform
• the integrity, availability and confidentiality of Platform functionality and content

ALTIVOR INSTITUTE deploys technical security measures appropriate to the nature of the Platform. These may include:

• encryption of data in transit using industry-standard protocols (SSL/TLS)
• server hardening and infrastructure security configurations
• access control mechanisms restricting system access to authorised personnel
• regular software and dependency updates to address known vulnerabilities
• infrastructure monitoring, logging and anomaly detection systems

The specific technical measures applied may evolve over time in response to changes in the threat landscape, technology and applicable best practices. ALTIVOR INSTITUTE does not disclose the detailed configuration of its security infrastructure.

In addition to technical controls, ALTIVOR INSTITUTE implements organisational procedures designed to:

• restrict access to personal data and sensitive systems to authorised individuals on a need-to-know basis
• ensure that personnel with access to user data are subject to appropriate confidentiality obligations
• establish and maintain incident response procedures for identifying, containing and remediating security events
• conduct periodic review of operational processes relevant to data security and system integrity

Users bear primary responsibility for the security of their own account. Each user is required to:

• maintain the confidentiality of their login credentials and not disclose them to any third party
• select passwords of sufficient complexity and update them periodically
• refrain from sharing, selling, transferring or otherwise conveying account access to any other person
• notify ALTIVOR INSTITUTE promptly at contact@altivor.institute upon becoming aware of any suspected unauthorised access or security breach affecting their account

ALTIVOR INSTITUTE will never request a user's password via email or any other unsolicited communication. Users should treat any such request as a phishing attempt and report it immediately.

All personal data collected and processed in connection with the Platform is handled in accordance with the Privacy Policy and applicable data protection legislation, including the General Data Protection Regulation (GDPR) where applicable.

Security measures applied to personal data are designed to be appropriate to the risk presented by the nature of the data processed and the context in which it is held.

In the event of a security incident, ALTIVOR INSTITUTE will take prompt and appropriate steps to:

• detect and confirm the nature and scope of the incident
• contain the incident and limit its impact on users and systems
• remediate affected systems and restore secure operation
• notify affected users and relevant authorities where required by applicable law

The investigation and response to security incidents will be conducted in accordance with ALTIVOR INSTITUTE's internal incident response procedures. Where a personal data breach has occurred, ALTIVOR INSTITUTE will fulfil its notification obligations under applicable data protection law.

ALTIVOR INSTITUTE may engage third-party technology service providers in connection with the operation of the Platform. Where such providers are granted access to Platform systems or user data, they are required to maintain security standards consistent with this Policy and applicable law.

ALTIVOR INSTITUTE conducts reasonable due diligence in the selection of third-party service providers and requires contractual commitments regarding data security where appropriate. A list of third-party data processors is set out in the Privacy Policy.

ALTIVOR INSTITUTE takes reasonable steps to maintain the availability and reliability of the Platform. However, ALTIVOR INSTITUTE does not warrant uninterrupted access to the Platform and accepts no liability for temporary unavailability resulting from:

• scheduled or emergency maintenance
• infrastructure failures or third-party service disruptions
• security incidents, including denial-of-service attacks
• force majeure events or circumstances beyond ALTIVOR INSTITUTE's reasonable control

Where planned maintenance is expected to cause material service disruption, ALTIVOR INSTITUTE will endeavour to provide advance notice through the Platform where reasonably practicable.

Notwithstanding the security measures implemented by ALTIVOR INSTITUTE, no information technology infrastructure can be guaranteed to be entirely free from risk. ALTIVOR INSTITUTE does not warrant that the Platform will be immune from all security threats or vulnerabilities.

ALTIVOR INSTITUTE accepts no liability for losses or damage arising from security incidents caused by factors outside its reasonable control, including but not limited to actions of malicious third parties, vulnerabilities in third-party software or hardware, or failures in user-side security practices. Liability is limited as set out in the Terms & Conditions.

ALTIVOR INSTITUTE operates a responsible disclosure programme. Users or security researchers who identify a potential vulnerability in the Platform are encouraged to report it in accordance with the following guidelines:

Reports should include a description of the vulnerability, the potential impact, and where possible, steps to reproduce the issue. ALTIVOR INSTITUTE will investigate all credible reports and, where a valid vulnerability is confirmed, will endeavour to address it in a timely manner.

Unauthorised security testing is strictly prohibited. Any form of active probing, scanning, penetration testing, or exploitation of the Platform or its infrastructure without the prior written consent of ALTIVOR INSTITUTE is forbidden and may constitute a criminal offence under applicable law.

ALTIVOR INSTITUTE reserves the right to update this Policy at any time in response to changes in technology, applicable law, or the threat environment. Amended versions will be published on the Platform and will take effect upon publication. Continued use of the Platform following any amendment constitutes acceptance of the revised Policy.