Security Policy
How we protect your data and ensure the security of our platform.
Last updated: March 12, 2025
Introduction
At FMPrepa, the security of your data is our top priority. This Security Policy outlines the measures we take to protect your personal information and ensure the integrity of our platform. We are committed to implementing and maintaining industry-leading security practices to protect against unauthorized access, disclosure, alteration, and destruction of your data.
This policy applies to all FMPrepa services, including our website, mobile applications, and any other products or services offered by FMPrepa. By using our services, you acknowledge and agree to the terms of this Security Policy.
Infrastructure Security
Our platform is hosted on secure, industry-leading cloud infrastructure that maintains stringent security certifications and implements robust security measures.
Hosting Environment
Our services are hosted on servers in enterprise-grade data centers that employ state-of-the-art physical security controls, including:
- 24/7 monitoring and surveillance
- Biometric access controls
- Multiple redundant power sources
- Advanced fire detection and suppression systems
Network Security
We implement multiple layers of network security to protect our infrastructure:
- Enterprise-grade firewalls and intrusion detection systems
- Regular network vulnerability scans and penetration tests
- DDoS protection services
- IP-based access controls for administrative access
Data Security
We employ multiple safeguards to protect your data at rest and in transit.
Encryption
We protect your data with industry-standard encryption:
- All data transmitted between your device and our servers is encrypted using TLS 1.3
- Sensitive data stored in our databases is encrypted at rest using AES-256 encryption
- Encryption keys are securely managed and regularly rotated
Backup and Recovery
To ensure data resilience and availability:
- Automated daily backups of all user data
- Backups are encrypted and stored in geographically separate locations
- Regular testing of backup restoration procedures
- Comprehensive disaster recovery plans
Data Retention and Destruction
We retain your data only as long as necessary to provide our services and as required by law. When data is no longer needed, we follow secure data destruction practices:
- Automated data purging after the retention period expires
- Secure deletion methods that prevent data recovery
- Physical destruction of decommissioned storage media
Application Security
We follow security best practices throughout our software development lifecycle to ensure our applications are secure by design.
Secure Development Lifecycle
Our development process includes:
- Security requirements gathering during the design phase
- Secure coding guidelines and training for developers
- Regular code reviews with security focus
- Automated static and dynamic application security testing
- Pre-release security validation
Authentication and Access Control
We implement strong authentication and access control mechanisms:
- Enforced strong password policies
- Multi-factor authentication option for all user accounts
- Session timeout controls
- Principle of least privilege for system access
- Regular access reviews for administrative privileges
Operational Security
We maintain rigorous operational security practices to ensure ongoing protection of our systems and data.
Security Monitoring
Our security monitoring program includes:
- 24/7 automated monitoring of all systems and applications
- Real-time alerts for suspicious activities
- Security information and event management (SIEM) system
- Regular security log reviews
Incident Response
We have established a comprehensive incident response plan that includes:
- Dedicated incident response team
- Documented incident response procedures
- Regular incident response drills and tabletop exercises
- Post-incident analysis and improvement processes
- Notification protocols for affected users when required
Compliance and Certifications
We adhere to industry standards and regulations to ensure our security practices meet or exceed expectations:
- GDPR compliance for EU data protection
- CCPA compliance for California residents
- SOC 2 Type II certification for service organization controls
- Regular independent security assessments and audits
User Responsibilities
While we take extensive measures to protect your data, security is a shared responsibility. We recommend that users:
- Use strong, unique passwords for your FMPrepa account
- Enable multi-factor authentication if available
- Keep your devices and browsers updated
- Be vigilant about phishing attempts and suspicious emails
- Log out from shared devices after use
- Contact us immediately if you suspect any unauthorized access to your account
Updates to This Security Policy
We regularly review and update our security measures and this Security Policy to reflect changes in technology, regulations, and best practices. Any significant changes to this policy will be communicated through our website or via email to registered users.
Security Vulnerability Reporting
We value the input of security researchers and the wider community in helping us maintain high security standards. If you discover a potential security vulnerability, please report it responsibly by emailing security@fmprepa.com.
We commit to:
- Acknowledging receipt of your vulnerability report within 24 hours
- Providing regular updates on our investigation
- Prioritizing the fix based on severity
- Publicly acknowledging your responsible disclosure (if desired)
Contact Us
If you have any questions about our security practices or this Security Policy, please contact us at:
- Email: security@fmprepa.com
- Contact page