Choicevector
Enrolments open

Security Policy

Last updated: 21 June 2025

Choicevector is committed to protecting the security of our platform, our systems, and the information entrusted to us by our users. This Security Policy describes the measures we take to safeguard data, maintain system integrity, and respond to security incidents.


1. Scope

This policy applies to all systems, services, and infrastructure operated by Choicevector under the domain choicevector.info, including web applications, databases, communication channels, and any supporting third-party services used to deliver our platform.


2. Data Protection

2.1 Data in Transit

All data transmitted between users and our platform is encrypted using industry-standard Transport Layer Security (TLS). We do not permit unencrypted connections for any service that handles personal or account-related information.

2.2 Data at Rest

Sensitive data stored on our systems is encrypted at rest using strong encryption standards. Encryption keys are managed separately from the data they protect and are rotated on a defined schedule.

2.3 Data Minimisation

We collect and retain only the data necessary to provide our services. Data that is no longer required is securely deleted in accordance with our data retention practices.


3. Access Controls

3.1 Principle of Least Privilege

Access to systems, databases, and administrative tools is granted on a least-privilege basis. Personnel are given only the access necessary to perform their specific responsibilities.

3.2 Authentication

All internal systems require strong authentication. Where technically feasible, multi-factor authentication is enforced for access to production environments and sensitive administrative interfaces.

3.3 Access Reviews

Access rights are reviewed periodically. Access is revoked promptly when no longer required, including upon changes in role or termination of engagement.


4. Infrastructure Security

4.1 Network Security

Our infrastructure is protected by firewalls, network segmentation, and traffic monitoring. Unnecessary ports and services are disabled. Administrative access to infrastructure is restricted to secured channels.

4.2 Patch Management

Operating systems, software dependencies, and third-party components are kept up to date. Critical security patches are applied promptly following disclosure.

4.3 Vulnerability Management

We conduct periodic vulnerability assessments of our systems. Identified vulnerabilities are prioritised and remediated based on their severity and potential impact.


5. Application Security

5.1 Secure Development Practices

Security considerations are integrated into our development process. Code changes are reviewed before deployment. We follow established guidelines for preventing common vulnerabilities including injection attacks, cross-site scripting, and insecure authentication flows.

5.2 Dependency Management

Third-party libraries and components used in our platform are monitored for known security vulnerabilities. Outdated or vulnerable dependencies are updated or replaced in a timely manner.

5.3 Testing

Security testing is performed as part of our release process. We conduct both automated scanning and manual review of security-sensitive areas of the application.


6. Monitoring and Logging

Our systems generate logs of access events, errors, and administrative actions. These logs are stored securely and monitored for anomalous activity. Log data is retained for a defined period and is accessible only to authorised personnel.


7. Incident Response

7.1 Detection and Containment

We maintain procedures for detecting, containing, and investigating security incidents. Upon identifying a potential incident, our team acts promptly to limit impact and preserve evidence for investigation.

7.2 Notification

In the event of a security incident that affects user data or platform availability, we will notify affected users in a timely manner with relevant details and recommended actions, consistent with our obligations and the nature of the incident.

7.3 Post-Incident Review

Following resolution of a security incident, we conduct a review to identify root causes and implement measures to prevent recurrence.


8. Third-Party Services

We work with third-party providers for hosting, payment processing, communications, and other platform functions. We evaluate the security practices of our providers before engagement and require that they maintain appropriate security standards. We do not share user data with third parties beyond what is necessary to deliver our services.


9. Physical Security

Our platform is hosted in facilities that maintain physical access controls, environmental protections, and redundancy measures. Physical access to infrastructure is restricted to authorised personnel only.


10. Business Continuity and Backups

Critical data is backed up regularly. Backups are encrypted and stored in a manner that supports recovery in the event of data loss or system failure. Recovery procedures are tested periodically to verify their effectiveness.


11. Employee Security Practices

Personnel with access to systems or user data are informed of their security responsibilities. We maintain internal guidelines covering acceptable use, password management, device security, and handling of sensitive information.


12. Responsible Disclosure

If you discover a potential security vulnerability in our platform, we encourage you to report it to us promptly. Please contact us at info@choicevector.info with a description of the issue. We ask that you avoid accessing, modifying, or disclosing data beyond what is necessary to demonstrate the vulnerability. We will acknowledge your report and work to address confirmed issues in a reasonable timeframe.


13. Changes to This Policy

We may update this Security Policy from time to time to reflect changes in our practices, technology, or obligations. The date at the top of this page indicates when the policy was last revised. Continued use of our platform following any update constitutes acceptance of the revised policy.


14. Contact

For questions or concerns regarding this Security Policy, please contact us:

Your data, your choice

We use cookies to remember your progress through lessons and understand which topics learners find most useful — no advertising or third-party tracking involved.