Security Policy

Your privacy and data protection are our top priorities

Last Updated: May 2026

Security Status: ACTIVE

Security Overview

AP.LK Resources is committed to protecting your personal information and ensuring a safe learning environment. We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

This Security Policy outlines the security practices we follow to keep your information safe.

Data Encryption

Transport Security

We use HTTPS/TLS encryption for all communications between your device and our servers. This ensures that data transmitted over the internet is encrypted and protected from interception.

Storage Security

Sensitive data, including passwords, is encrypted at rest using industry-standard encryption algorithms. Passwords are hashed and cannot be recovered even by our administrators.

Authentication & Access Control

Strong Authentication

  • User accounts are protected by strong password requirements
  • Two-factor authentication (2FA) is available for enhanced security
  • Session management with automatic timeout for inactive accounts

Access Control

  • Role-based access control (RBAC) limits user permissions
  • Admin accounts have additional security measures
  • Regular access audits to identify unauthorized access

Vulnerability Management

Regular Security Audits

We conduct regular security assessments and penetration testing to identify and address vulnerabilities before they can be exploited.

Responsible Disclosure

If you discover a security vulnerability, please report it to us immediately at ythushmitha@gmail.com. We will investigate all reports and work to resolve issues promptly.

Security Updates

We promptly patch known vulnerabilities and apply security updates to all systems.

Data Protection Practices

Data Minimization

We collect only the minimum personal information necessary to provide our services. We do not share your data with third parties without your explicit consent.

Data Retention

Personal data is retained only as long as necessary. Users can request data deletion in compliance with applicable laws.

Backup & Recovery

  • Regular backups are performed to prevent data loss
  • Backup data is encrypted and stored securely
  • Disaster recovery procedures are in place

Threat Detection & Incident Response

Monitoring & Detection

  • 24/7 monitoring of systems for suspicious activity
  • Automated alerts for potential security threats
  • Log analysis to detect intrusion attempts

Incident Response Plan

In the event of a security incident:

  • Immediate investigation and containment
  • Notification to affected users within 48 hours
  • Cooperation with law enforcement if necessary
  • Post-incident analysis to prevent recurrence

API & Integration Security

Secure APIs

  • All APIs use token-based authentication
  • Rate limiting to prevent abuse
  • API keys are rotated regularly

Third-Party Integrations

We carefully vet all third-party services and integrations. Third parties are required to meet our security standards.

Your Security Responsibilities

While we implement robust security measures, your cooperation is essential:

  • Strong Passwords: Use unique, complex passwords for your account
  • Keep Credentials Private: Never share your password or login information
  • Enable 2FA: Activate two-factor authentication for additional security
  • Report Suspicious Activity: Immediately report unauthorized access attempts
  • Use Secure Networks: Avoid accessing your account on public Wi-Fi
  • Keep Software Updated: Ensure your browser and devices are up to date

Compliance & Standards

AP.LK Resources complies with:

  • GDPR - General Data Protection Regulation (EU)
  • CCPA - California Consumer Privacy Act
  • OWASP - Open Web Application Security Project standards
  • ISO 27001 - Information Security Management standards

Security Awareness & Education

Our team receives regular security training and takes part in awareness programs to ensure best practices are followed. We educate our staff about:

  • Phishing and social engineering attacks
  • Password security and credential management
  • Data handling and privacy regulations
  • Incident reporting procedures

Report a Security Issue

If you discover a security vulnerability or have security concerns, please contact us immediately:

  • Email: ythushmitha@gmail.com
  • Telegram: @itzyasiru
  • Response Time: We aim to respond within 24 hours

Note: Please do not publicly disclose security vulnerabilities. Help us keep your data safe by reporting issues privately.

Future Security Enhancements

We continuously work to improve our security posture. Planned enhancements include:

  • Implementation of biometric authentication
  • Enhanced AI/ML threat detection systems
  • Security audit certifications
  • Advanced DDoS protection
  • Zero-knowledge encryption options

Last Reviewed: May 2026

This Security Policy is subject to change. We recommend reviewing it periodically for updates.