Поддержка Способы оплаты
Личный кабинет

Security Policy

1. Purpose

This Security Policy is established to define the measures we implement to ensure the security, reliability, and integrity of our services. We are committed to adopting industry best practices and maintaining compliance with applicable laws and regulations, including applicable data protection and privacy requirements, to protect our customers' data and ensure the safety of our services.

2. Scope

This policy applies to all users and customers who interact with our systems, services, and infrastructure. It encompasses all security aspects, including physical, digital, and procedural safeguards.

3. Principles of Security

Our security framework is guided by the following principles:

  • Confidentiality: Restricting access to sensitive data to authorized individuals only.
  • Integrity: Ensuring the accuracy and reliability of data by protecting it from unauthorized modifications.
  • Availability: Guaranteeing that services and data are accessible to authorized users at all times.
  • Accountability: Establishing clear accountability for all security-related activities and decisions.

4. Compliance with Applicable Laws and Data Protection Requirements

We follow applicable laws and data protection requirements by implementing the following measures:

  • Data Minimization: Collecting and processing only the data necessary for providing our services.
  • Transparency: Clearly communicating the ways in which customer data is used, stored, and protected.
  • Lawful Basis and Purpose Limitation: Ensuring that data processing activities are carried out for legitimate purposes and in accordance with applicable legal requirements.
  • Security Measures: Adopting robust technical and organizational measures to protect personal data from breaches and unauthorized access.

5. Core Security Measures

5.1 Access Controls

  • Employing role-based access controls (RBAC) to limit data access to authorized personnel.
  • Enforcing strong authentication mechanisms, including multi-factor authentication (MFA), for accessing sensitive systems.

5.2 Encryption

  • Encrypting all sensitive data in transit using secure protocols such as TLS.
  • Securing data at rest through the application of industry-standard encryption algorithms.

5.3 Monitoring and Incident Response

  • Conducting continuous system monitoring to detect suspicious activities and vulnerabilities.
  • Maintaining a comprehensive incident response plan to address security breaches promptly and effectively.

5.4 Regular Audits and Assessments

  • Performing security reviews, vulnerability assessments, and testing activities on a risk-based basis.
  • Where appropriate, engaging qualified third parties to support security assessments, subject to confidentiality and security requirements.

5.5 Handling Reports of Inappropriate Activities

The list of prohibited activities is mentioned in the Acceptable Use Policy (AUP). We may use all the applicable measures in order to monitor and prevent prohibited activities, including but not limited to internal solutions, third-party services, and databases.

If we receive a complaint, or abuse, or any other report of possible violation, we may initiate an internal investigation.

For the cases outlined in AUP, service disruption may occur while the investigation is ongoing. Both internal and external tools may be employed to assess potential violations. We do not proactively monitor customer content, except where required for security, legal compliance, or incident response purposes. Additional inspections are conducted solely based on complaints or further checks of publicly available links. Upon concluding our internal investigation:

  • Access to the service may be restored if no violation is confirmed.
  • If a violation is confirmed, we reserve the right to terminate the service, delete infringing data, and permanently block the account. The final decision is made at our discretion and is not subject to appeal.

5.6 Internal Monitoring Systems

  • We use internal automated systems to monitor service usage and identify potential violations.
  • Important: We do not access customer content during routine monitoring. Access may occur only where required for security, legal compliance, or incident response purposes, and is limited to what is reasonably necessary.

5.7 Know Your Customer (KYC) Requirements

To ensure security and compliance, we may require customers to complete a Know Your Customer (KYC) process in certain scenarios. Key provisions include:

  1. Purpose: The KYC process verifies customer identity to prevent misuse of our services for illegal or fraudulent activities.
  2. Third-Party Vendor: KYC checks are performed by a trusted third-party vendor specializing in secure identity verification. We do not store identity document images submitted to the vendor, and only receive and retain verification results and related audit information where reasonably necessary for security, fraud prevention, dispute handling, and compliance purposes.
  3. Customer Agreement: By using our services, customers agree to complete the KYC process when requested.
  4. Temporary Restrictions: Certain account functionalities may be disabled until KYC verification is successfully completed.
  5. Timeframe: Customers are provided 24 hours to complete KYC requirements. Failure to do so may result in account suspension and service termination.
  6. Unsuccessful Verification: In cases where KYC is not passed due to invalid documents or mismatched identity, we reserve the right to suspend the account and discontinue all services.
  7. KYC as appeal basis: In the event that a violation of any provision of our Terms of Use or any other applicable policies is detected, the Customer shall be required to undergo a Know Your Customer (KYC) verification procedure as a mandatory prerequisite for appealing any decision made by the Company. Failure to complete the KYC process, refusal to comply, or failure to pass verification may result in the Company retaining the right to take appropriate measures, including, but not limited to, account suspension, termination of services, or any other actions deemed necessary to ensure compliance and mitigate risk.

Important: The KYC process is conducted in accordance with applicable data protection and privacy laws. Data collected during KYC is handled securely; we do not store identity document images submitted to the vendor and only retain limited verification-related information where reasonably necessary for the purposes described above.

6. Customer Security Responsibilities

We encourage customers to contribute to the overall security of our services by:

  • Using strong, unique passwords for account access.
  • Enabling multi-factor authentication (MFA) wherever available.
  • Keeping devices and software updated to the latest versions.
  • Reporting suspicious activity or potential security issues to our support team promptly.

By registering for our services, customers acknowledge and consent to our security practices as described in this policy.

7. Transparency and Accountability

We are committed to transparency in our security practices by:

  • Publishing updates regarding new security measures and improvements.
  • Notifying affected customers within a reasonable timeframe in the event of a data breach or security incident, where required by applicable law and taking into account the nature of the incident and available information.

8. Revisions and Updates

This policy is reviewed periodically to ensure compliance with evolving regulations and industry standards. Customers will be notified in advance of any significant updates.

This Security Policy reflects our dedication to safeguarding the confidentiality, integrity, and availability of our services while maintaining compliance with applicable laws and industry standards. Further updates or annexes may be added to elaborate on specific measures as required.