1. HTTPS and TLS
Our website and services are served over HTTPS using modern Transport Layer Security (TLS). This helps protect data exchanged between your browser and our systems from interception and tampering.
2. Encryption in Transit and at Rest
We use encryption to protect data in transit and, where appropriate, at rest. Sensitive data is handled using industry-standard cryptographic protocols, and access to encryption keys is restricted.
3. Secure Authentication
We apply secure authentication practices, including strong password requirements, support for multi-factor authentication where available, and the principle of least privilege for access to systems and data.
4. Infrastructure Protection
We protect our infrastructure using measures such as network segmentation, firewalls, hardened configurations, regular patching and reputable hosting providers. We design our systems to reduce the attack surface and limit the impact of any single failure.
5. Monitoring
We monitor our systems for unusual or unauthorized activity, maintain logging where appropriate, and maintain procedures to respond to security incidents in a timely manner.
6. Coordinated Vulnerability Disclosure
We value the work of security researchers and welcome reports of potential vulnerabilities. If you believe you have found a security issue, please report it to us privately so we can investigate and remediate before any public disclosure.
To report a vulnerability, email abuse@shakhawatllc.online and include:
- A clear description of the issue and its potential impact.
- Steps to reproduce, including any proof-of-concept where safe to share.
- The affected URL, endpoint or component.
- Your contact details so we can follow up.
7. Safe Harbor
If you make a good-faith effort to comply with this policy during your research, we will consider your activity authorized, will not pursue legal action against you in relation to the report, and will work with you to understand and resolve the issue. Please avoid privacy violations, data destruction, service disruption and accessing more data than necessary to demonstrate the issue.
8. Our Commitment to Respond
We commit to acknowledging valid reports, keeping you informed of our progress where appropriate, and working to remediate confirmed vulnerabilities in a reasonable timeframe based on severity. We appreciate responsible disclosure and the opportunity to fix issues before they are exploited.
9. Scope
This policy applies to systems and services operated by Shakhawat LLC, including our website at https://shakhawatllc.online. Third-party services we rely on are governed by their own security and disclosure policies. Testing that could harm our systems, data or users, or that violates applicable law, is outside the scope of this policy.