This Security & Compliance Policy (“Policy”) describes the measures Bizcust Limited (“Company”, “we”, “us”, or “our”) takes to protect the security, integrity, and confidentiality of data processed through Bizcust (the “Service”). This Policy complements our Privacy Policy, Terms of Service, Data Processing Agreement (DPA), and Acceptable Use Policy (AUP).

1. Security Principles

We adhere to the following principles:
  • Confidentiality – Only authorized personnel can access sensitive data.
  • Integrity – Data is protected against unauthorized modification or deletion.
  • Availability – Systems are designed for high uptime and resilience.
  • Accountability – Security incidents are logged and monitored.
  • Continuous Improvement – Security measures are reviewed and updated regularly.

2. Organizational Security

  • All employees and contractors receive mandatory security training.
  • Access to production systems is restricted based on role (role-based access control).
  • Background checks are conducted where applicable.
  • Security responsibilities are assigned to dedicated personnel or teams.

3. Technical Security Measures

3.1 Infrastructure

  • Cloud hosting with strong physical security controls.
  • Network segmentation and firewalls to limit access.
  • Regular patching of servers, databases, and applications.

3.2 Data Protection

  • Encryption in transit using TLS 1.2+ for all communications.
  • Encryption at rest for sensitive data where applicable.
  • Secure key management practices.
  • Data backups and disaster recovery procedures.

3.3 Application Security

  • Secure coding practices and code reviews.
  • Vulnerability scanning and penetration testing.
  • Rate limiting and API security controls.
  • Logging and monitoring of system activity.

4. Incident Response

  • Security incidents are tracked, investigated, and remediated.
  • We maintain an incident response plan with defined roles and escalation procedures.
  • Affected customers are notified of data breaches as required by law.
  • Lessons learned from incidents are applied to improve controls.

5. Compliance

  • GDPR: We comply with the General Data Protection Regulation for data subjects in the EEA.
  • SOC 2 / ISO 27001: We align with recognized security standards and may provide reports or attestations upon request.
  • Local laws and regulations: Data is handled according to applicable local requirements (e.g., data residency in selected regions).

6. Subprocessors

  • Third-party subprocessors are vetted for security and compliance.
  • Subprocessors are contractually obligated to maintain equivalent security controls.
  • A current list of subprocessors is available upon request.

7. Access Control & Authentication

  • Multi-factor authentication (MFA) is enforced for privileged accounts.
  • Passwords must meet complexity requirements.
  • Access is reviewed periodically and revoked when no longer required.
  • API keys and tokens are rotated regularly and monitored.

8. Monitoring & Logging

  • Systems are monitored 24/7 for anomalies, performance, and security events.
  • Logs are retained securely and audited for compliance and forensic purposes.
  • Alerts are configured for suspicious activity.

9. Data Backup & Recovery

  • Automated backups are performed regularly.
  • Backups are encrypted and stored in separate locations.
  • Disaster recovery plans are tested periodically.
  • Recovery objectives (RTO/RPO) are defined and maintained.

10. Security Awareness & Training

  • All employees receive ongoing security awareness training.
  • Specialized training is provided for engineering, DevOps, and customer support teams.
  • Security policies are reviewed regularly and updated to reflect new threats.

11. Security Testing

  • Regular vulnerability assessments and penetration tests are conducted.
  • Internal security reviews are performed before releasing major updates.
  • Findings are tracked and remediated promptly.

12. Customer Responsibilities

Customers are responsible for:
  • Maintaining secure access to accounts and workspaces.
  • Using strong passwords and enabling MFA.
  • Reviewing security settings and managing workspace access.
  • Reporting suspected security incidents to [email protected].

13. Reporting Security Issues

  • If you identify a vulnerability or security issue, report it to [email protected].
  • Include sufficient details to allow investigation.
  • Reports will be acknowledged and addressed in a timely manner.

14. Policy Updates

  • This Policy is reviewed regularly and updated as needed.
  • Updates will be reflected in the “Last updated” date.
  • Continued use of the Service constitutes acceptance of the updated Policy.

15. Contact Information

For questions regarding security or compliance: Email: [email protected]
Company: Bizcust Limited
Website: https://www.bizcust.com