Skip to content
English
Go to ishosting.com
  • There are no suggestions because the search field is empty.

Security Policy

1. Purpose

This Security Policy is established to define the measures we implement to ensure the security, reliability, and integrity of our services. We are committed to adopting industry best practices and maintaining full compliance with applicable EU legislation, including the General Data Protection Regulation (GDPR), to protect our customers' data and ensure the safety of our services.

2. Scope

This policy applies to all users and customers who interact with our systems, services, and infrastructure. It encompasses all security aspects, including physical, digital, and procedural safeguards.

3. Principles of Security

Our security framework is guided by the following principles:

  • Confidentiality: Restricting access to sensitive data to authorized individuals only.
  • Integrity: Ensuring the accuracy and reliability of data by protecting it from unauthorized modifications.
  • Availability: Guaranteeing that services and data are accessible to authorized users at all times.
  • Accountability: Establishing clear accountability for all security-related activities and decisions.

4. Compliance with GDPR and EU Legislation

We operate in strict compliance with GDPR and other applicable EU laws by implementing the following measures:

  • Data Minimization: Collecting and processing only the data necessary for providing our services.
  • Transparency: Clearly communicating the ways in which customer data is used, stored, and protected.
  • Lawful Basis: Ensuring that all data processing activities are grounded in valid legal bases.
  • Security Measures: Adopting robust technical and organizational measures to protect personal data from breaches and unauthorized access.

5. Core Security Measures

5.1. Access Controls

  • Employing role-based access controls (RBAC) to limit data access to authorized personnel.
  • Enforcing strong authentication mechanisms, including multi-factor authentication (MFA), for accessing sensitive systems.

5.2. Encryption

  • Encrypting all sensitive data in transit using secure protocols such as TLS.
  • Securing data at rest through the application of industry-standard encryption algorithms.

5.3. Monitoring and Incident Response

  • Conducting continuous system monitoring to detect suspicious activities and vulnerabilities.
  • Maintaining a comprehensive incident response plan to address security breaches promptly and effectively.

5.4. Regular Audits and Assessments

  • Conducting periodic security audits, vulnerability assessments, and penetration testing.
  • Engaging third-party security experts to validate our practices.

5.5. Handling Reports of Inappropriate Activities

The list of prohibited activities is mentioned in the Acceptable Use Policy (AUP). We may use all the applicable measures in order to monitor and prevent prohibited activities, including but not limited to internal solutions and, third-party services, and databases.

If we receive a complaint, or abuse, or any other report of possible violation, we may initiate an internal investigation.

For the cases outlined in AUP, service disruption may occur while the investigation is ongoing. Both internal and external tools may be employed to assess potential violations. We do not proactively monitor customer content, and additional inspections are conducted solely based on complaints or further checks of publicly available links. Upon concluding our internal investigation:

  • Access to the service may be restored if no violation is confirmed.
  • If a violation is confirmed, we reserve the right to terminate the service, delete infringing data, and permanently block the account. The final decision is made at our discretion and is not subject to appeal.

5.6. Internal Monitoring Systems

  • We use internal automated systems to monitor service usage and identify potential violations. 
  • Important: We do not access customer content during monitoring, ensuring data confidentiality.

5.7. Know Your Customer (KYC) Requirements

To ensure security and compliance, we may require customers to complete a Know Your Customer (KYC) process in certain scenarios. Key provisions include:

    1. Purpose: The KYC process verifies customer identity to prevent misuse of our services for illegal or fraudulent activities.
    2. Third-Party Vendor: KYC checks are performed by a trusted third-party vendor specializing in secure identity verification. We do not retain or store KYC-related data.
    3. Customer Agreement: By using our services, customers agree to complete the KYC process when requested. 
    4. Temporary Restrictions: Certain account functionalities may be disabled until KYC verification is successfully completed.
    5. Timeframe: Customers are provided 24 hours to complete KYC requirements. Failure to do so may result in account suspension and service termination.
    6. Unsuccessful Verification: In cases where KYC is not passed due to invalid documents or mismatched identity, we reserve the right to su spend the account and discontinue all services.
    7. KYC as appeal basis: In the event that a violation of any provision of our Terms of Use or any other applicable policies is detected, the Customer shall be required to undergo a Know Your Customer (KYC) verification procedure as a mandatory prerequisite for appealing any decision made by the Company. Failure to complete the KYC process, refusal to comply, or failure to pass verification may result in the Company retaining the right to take appropriate measures, including, but not limited to, account suspension, termination of services, or any other actions deemed necessary to ensure compliance and mitigate risk.

Important: The KYC process is fully compliant with GDPR and other applicable laws. Data collected during KYC is handled securely and is not retained by us.

6. Customer Security Responsibilities

We encourage customers to contribute to the overall security of our services by:

  • Using strong, unique passwords for account access.
  • Enabling multi-factor authentication (MFA) wherever available.
  • Keeping devices and software updated to the latest versions.
  • Reporting suspicious activity or potential security issues to our support team promptly.

By registering for our services, customers acknowledge and consent to our security practices as described in this policy.

7. Transparency and Accountability

We are committed to transparency in our security practices by:

  • Publishing updates regarding new security measures and improvements.
  • Notifying affected customers promptly in the event of a data breach or security incident.

8. Revisions and Updates

This policy is reviewed periodically to ensure compliance with evolving regulations and industry standards. Customers will be notified in advance of any significant updates.

This Security Policy reflects our dedication to safeguarding the confidentiality, integrity, and availability of our services while maintaining full compliance with EU legislation. Further updates or annexes may be added to elaborate on specific measures as required.