Clost Renvak
Clost Renvak Color Theory · Web Design
Interactive quizzes on color theory for web design — test your knowledge, earn points, level up. Students from across Ukraine
4,800+ Quizzes completed

Security Policy

Last Updated: May 26, 2024

Clost Renvak ("we," "us," or "our") is committed to protecting the security of our platform, systems, and the data entrusted to us by our users. This Security Policy describes the measures we take to safeguard information and outlines the responsibilities of users in maintaining a secure environment.


1. Scope

This policy applies to all systems, services, and infrastructure operated by Clost Renvak under the domain clostrenvak.com, including web applications, APIs, databases, and any third-party integrations used to deliver our services.


2. Data Protection and Storage

2.1 Encryption

All data transmitted between users and our platform is encrypted using industry-standard Transport Layer Security (TLS). Sensitive data stored in our databases is encrypted at rest using strong encryption algorithms.

2.2 Data Minimization

We collect only the data necessary to provide our services. Unnecessary or outdated data is securely deleted in accordance with our data retention schedules.

2.3 Backups

Critical data is backed up regularly. Backups are encrypted and stored in geographically separated locations to ensure availability in the event of a failure or incident.


3. Access Control

3.1 Principle of Least Privilege

Access to systems and data is granted on a need-to-know basis. Employees and contractors receive only the permissions required to perform their designated duties.

3.2 Authentication

Administrative access to production systems requires multi-factor authentication (MFA). Passwords must meet complexity requirements and are never stored in plaintext.

3.3 Session Management

User sessions are time-limited and invalidated upon logout. Concurrent session controls are enforced where applicable to reduce unauthorized access risk.


4. Infrastructure Security

4.1 Network Security

Our infrastructure is protected by firewalls, intrusion detection systems, and network segmentation. Unnecessary ports and services are disabled. Regular vulnerability scans are conducted across our network perimeter.

4.2 Server Hardening

All servers are configured according to established hardening guidelines. Operating systems and software dependencies are kept up to date with security patches applied promptly upon release.

4.3 Third-Party Services

Third-party vendors and integrations are evaluated for their security practices before adoption. We limit the data shared with third parties to what is strictly necessary for the service to function.


5. Application Security

5.1 Secure Development Practices

Our development process incorporates security reviews at each stage. Code changes are reviewed by peers before being merged and deployed to production environments.

5.2 Vulnerability Management

We conduct periodic security assessments, including automated scanning and manual code reviews, to identify and remediate vulnerabilities in our application layer.

5.3 Dependency Management

Third-party libraries and dependencies are monitored for known security vulnerabilities. Critical patches are applied as soon as they become available.

5.4 Input Validation

All user-supplied input is validated and sanitized on the server side to protect against common attack vectors including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).


6. Monitoring and Incident Response

6.1 Logging and Monitoring

System events, access logs, and error reports are collected and monitored continuously. Anomalous activity triggers alerts for investigation by our security team.

6.2 Incident Response

We maintain an incident response plan that defines procedures for identifying, containing, and resolving security incidents. Upon confirmation of a breach affecting user data, affected users and relevant parties will be notified without undue delay in accordance with applicable obligations.

6.3 Post-Incident Review

Following any significant security incident, we conduct a thorough post-mortem analysis to identify root causes and implement preventive measures to avoid recurrence.


7. Physical Security

Our services are hosted in data centers that maintain physical access controls, including restricted entry, surveillance systems, and environmental protections against fire, flood, and power disruption. Physical access to server hardware is limited to authorized personnel only.


8. User Responsibilities

Security is a shared responsibility. Users of the Clost Renvak platform are expected to:


9. Responsible Disclosure

If you discover a potential security vulnerability in our platform, we encourage responsible disclosure. Please report your findings to us at contact@clostrenvak.com before making any public disclosure. We commit to acknowledging your report promptly, investigating the issue in good faith, and working toward a resolution. We will not pursue legal action against researchers who act in accordance with this responsible disclosure guideline.

Please include in your report:


10. Security Awareness

Our team members receive regular security awareness training covering topics such as phishing recognition, safe data handling, password hygiene, and incident reporting procedures. Security guidelines are reviewed and updated on a routine basis.


11. Compliance and Audits

We periodically engage independent parties to conduct security audits and penetration tests of our platform. Findings are prioritized and remediated based on severity. We maintain internal documentation supporting our compliance with applicable data protection and security standards.


12. Policy Updates

This Security Policy may be updated from time to time to reflect changes in our practices, technology, or legal obligations. The date at the top of this page indicates when the policy was last revised. Continued use of our platform after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.


13. Contact

If you have questions, concerns, or requests related to this Security Policy, please contact us:

Channel Details
Email contact@clostrenvak.com
Phone +380 50 465 08 82
WhatsApp Chat on WhatsApp
Address Dmytrivska St, 76, Kyiv, Ukraine, 01135