Trust & Safety

Security Practices

Our commitment to protecting your data and maintaining trust.

At Conxeptcubes Technologies, security is foundational to how we build and operate. As a technology company entrusted with sensitive data on behalf of our clients, we hold ourselves to rigorous standards and continuously invest in measures to protect the confidentiality, integrity, and availability of data in our care.

Data Encryption

We protect data both in transit and at rest:

  • All data transmitted between your browser and our website is encrypted using TLS 1.2 or higher (HTTPS). Unencrypted HTTP connections are not accepted.
  • Sensitive data stored on our systems is encrypted at rest using AES-256 or equivalent industry-standard algorithms.
  • Passwords and credentials are never stored in plain text — they are hashed using modern, salted cryptographic algorithms.

Access Controls

We enforce strict controls to ensure data is accessible only to those who need it:

  • Access governed by role-based access control (RBAC) and the principle of least privilege
  • Multi-factor authentication (MFA) required for all staff accessing production systems
  • Access rights reviewed regularly and immediately revoked when relationships end
  • Remote access secured through encrypted VPN connections

Infrastructure & Application Security

Secure hosting: Our infrastructure is hosted on enterprise-grade cloud platforms that maintain recognised security certifications. We conduct due diligence on all infrastructure providers.

Network security: Our network is protected by enterprise-grade firewalls, intrusion detection systems, and network segmentation to isolate systems containing sensitive data.

Application security — built into our development lifecycle:

  • Secure coding practices and peer code review on all production changes
  • Regular vulnerability assessments and penetration testing
  • Critical security patches applied within 30 days of release
  • Active monitoring of third-party dependencies for known vulnerabilities

Monitoring & Incident Response

We maintain continuous monitoring of our systems:

  • Comprehensive audit logs are kept for all access to systems containing personal or sensitive data
  • Automated alerts are configured to detect suspicious activity or anomalous access patterns
  • Logs are retained for a minimum of 12 months

In the event of a security incident:

  • We contain and investigate the breach without undue delay
  • Affected Data Controllers are notified within 48 hours of our becoming aware, in compliance with Section 31 of the Data Protection Act, 2012 (Act 843)
  • Every incident is reviewed post-resolution to identify root causes and prevent recurrence

Third-Party & Vendor Security

Before engaging any service provider who will access personal or confidential data, we:

  • Conduct documented security due diligence
  • Require a written Data Processing Agreement with equivalent security obligations
  • Grant access only to data strictly necessary for the services provided
  • Review vendor compliance periodically

Physical Security

  • Access to office areas where sensitive data is processed is restricted to authorised personnel
  • Clear desk and clear screen policies apply in all work environments
  • Physical documents are disposed of by cross-cut shredding
  • Portable devices containing data are encrypted and subject to remote wipe

Employee Security

  • All staff and contractors complete mandatory data protection and security awareness training before accessing any personal data
  • Training is refreshed annually
  • All personnel are bound by confidentiality obligations
  • Staff are required to report any suspected security incident immediately

Business Continuity

  • Critical systems and data are backed up regularly; backups are encrypted and stored securely
  • Backup restoration is tested at least quarterly
  • Our Business Continuity and Disaster Recovery Plan is documented and tested annually

Responsible Disclosure

We welcome responsible disclosure of potential vulnerabilities. If you believe you have found a security issue affecting our systems, please report it to us:

Email: compliance@conxeptcubes.com
Subject: Responsible Disclosure — Security Vulnerability

We ask that you:

  • Describe the vulnerability clearly, including steps to reproduce it
  • Allow us reasonable time to investigate and remediate before any public disclosure
  • Avoid accessing, modifying, or deleting any data in the course of your research

We commit to acknowledging valid reports within 5 business days and working with you in good faith to resolve the issue. We do not pursue legal action against researchers who act responsibly and within these guidelines.

Compliance

Our security programme is aligned with:

  • Data Protection Act, 2012 (Act 843) of Ghana
  • ECOWAS Supplementary Act on Personal Data Protection
  • ISO/IEC 27001 principles
  • NIST Cybersecurity Framework

Contact

If you have questions about our security practices or wish to report a concern: