Terms & Policies
Security
This Policy is effective on January 1, 2025.
At Tynoc Tech, security is a core part of how we build and operate. This page outlines our security practices and how we protect your data and the systems we build for our clients.
1. Infrastructure Security
Our infrastructure is hosted on industry-leading cloud providers with enterprise-grade security controls.
- All data is encrypted in transit using TLS 1.2 or higher
- Data at rest is encrypted using AES-256
- Access to production systems is restricted to authorized personnel only
- Multi-factor authentication (MFA) is required for all internal systems
- Regular access reviews and principle of least privilege enforced
- Network segmentation and firewall rules applied to all environments
2. Application Security
We follow secure development practices across all projects we build and maintain.
- Regular code reviews and security audits on all codebases
- Dependency vulnerability scanning integrated into CI/CD pipelines
- Input validation and parameterized queries to prevent injection attacks
- Role-based access control (RBAC) on all internal and client systems
- Secrets management using environment variables and secure vaults
- OWASP Top 10 guidelines followed in all development work
3. Data Protection
We take the protection of client and user data seriously. We collect only the data necessary to provide our services and retain it only as long as required. Client data is never used for any purpose other than delivering the agreed services.
4. Incident Response
We maintain a documented incident response plan to detect, contain, and remediate security incidents promptly. In the event of a data breach affecting your information, we will notify you in accordance with applicable laws and within the timeframes required by regulation.
5. Penetration Testing
We conduct regular security assessments and penetration tests on our own systems. For client projects, we recommend and can facilitate third-party penetration testing prior to production launch.
6. Responsible Disclosure
If you discover a security vulnerability in our systems or services, please report it responsibly to info@tynoc.com. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.
7. Contact
For security-related inquiries or to report a vulnerability, please contact our security team at info@tynoc.com.