Security Policy

Algroton takes the security of our systems and client data with the highest seriousness. Security is not an afterthought - it is embedded into every layer of our engineering and operations.

We apply defense-in-depth principles across all infrastructure we build and operate.

All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.

We implement zero-trust network architecture with strict identity-based access controls.

All infrastructure changes go through code review and automated security scanning.

We conduct regular penetration testing and vulnerability assessments.

Access to production systems is restricted to authorized personnel only, using multi-factor authentication.

We apply the principle of least privilege - no individual has more access than required for their role.

All access is logged and regularly audited.

We maintain a documented incident response plan and conduct regular drills.

In the event of a security incident affecting client data, we will notify affected parties within 72 hours in accordance with applicable regulations.

If you discover a security vulnerability in our systems, please report it to security@algroton.com.

We are committed to acknowledging reports within 48 hours and working to resolve confirmed issues promptly.