Security Policy
Last Updated: December 2, 2025
At Nelavirexon, we are committed to protecting the security and integrity of your data. This Security Policy outlines the measures we implement to safeguard your information and maintain the highest standards of security across our platform.
1. Information Security Framework
1.1 Security Standards
We maintain a comprehensive information security program designed to:
- Protect against unauthorized access to or use of your data
- Ensure the availability and integrity of our services
- Detect and respond to security incidents promptly
- Comply with applicable data protection regulations
- Continuously improve our security posture
1.2 Security Governance
Our security program is overseen by dedicated security professionals who regularly assess risks, update policies, and ensure compliance with industry best practices and standards.
2. Data Protection Measures
2.1 Encryption
We employ robust encryption protocols to protect your data:
- Data in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS protocols
- Data at Rest: Sensitive data stored on our systems is encrypted using advanced encryption algorithms
- Password Protection: User passwords are hashed and salted using secure one-way cryptographic functions
2.2 Access Controls
We implement strict access control measures:
- Role-based access control limiting data access to authorized personnel only
- Multi-factor authentication for administrative access
- Regular access reviews and revocation of unnecessary permissions
- Principle of least privilege applied across all systems
- Automated session timeout for inactive users
2.3 Data Segregation
Customer data is logically segregated to prevent unauthorized cross-access between different user accounts and organizations.
3. Infrastructure Security
3.1 Hosting and Physical Security
Our services are hosted with reputable cloud infrastructure providers that maintain:
- 24/7 physical security monitoring and access controls
- Environmental controls for temperature and humidity
- Redundant power supplies and network connectivity
- Regular security audits and compliance certifications
3.2 Network Security
We protect our network infrastructure through:
- Firewall configurations restricting unauthorized network access
- Intrusion detection and prevention systems
- Regular vulnerability scanning and penetration testing
- Network segmentation isolating critical systems
- DDoS protection mechanisms
3.3 Application Security
Our applications are developed and maintained with security in mind:
- Secure coding practices following industry standards
- Regular security code reviews and static analysis
- Third-party security assessments and audits
- Prompt patching of identified vulnerabilities
- Input validation and sanitization to prevent injection attacks
4. Operational Security
4.1 Monitoring and Logging
We maintain comprehensive monitoring and logging systems to:
- Detect suspicious activities and potential security incidents
- Track access to sensitive data and systems
- Generate alerts for security-relevant events
- Support incident investigation and forensic analysis
- Retain logs for appropriate periods as required
4.2 Backup and Recovery
We implement robust backup procedures including:
- Regular automated backups of critical data
- Encrypted backup storage in geographically diverse locations
- Tested disaster recovery and business continuity plans
- Defined recovery time objectives for service restoration
4.3 Change Management
All changes to production systems follow a controlled process involving review, testing, and approval to minimize security risks.
5. Personnel Security
5.1 Employee Screening
We conduct appropriate background checks on employees with access to sensitive systems or data, in accordance with applicable laws.
5.2 Security Training
All personnel receive regular security awareness training covering:
- Data protection principles and responsibilities
- Recognizing and reporting security threats
- Secure handling of sensitive information
- Social engineering and phishing awareness
- Incident response procedures
5.3 Confidentiality Obligations
All employees and contractors are bound by confidentiality agreements protecting customer data and proprietary information.
6. Vendor and Third-Party Security
6.1 Vendor Assessment
We carefully evaluate the security practices of third-party vendors and service providers before engagement, particularly those with access to customer data.
6.2 Contractual Safeguards
Our agreements with third parties include appropriate security and confidentiality obligations consistent with this policy.
6.3 Ongoing Monitoring
We regularly review the security posture of critical vendors to ensure continued compliance with our requirements.
7. Incident Response
7.1 Incident Management
We maintain a documented incident response plan that includes:
- Procedures for detecting and reporting security incidents
- Designated incident response team and escalation paths
- Containment, investigation, and remediation processes
- Communication protocols for affected parties
- Post-incident review and lessons learned
7.2 Notification
In the event of a security incident that affects your data, we will notify you promptly in accordance with applicable legal requirements and provide information about the incident and our response.
7.3 Continuous Improvement
We analyze security incidents to identify root causes and implement corrective actions to prevent recurrence.
8. Vulnerability Management
8.1 Regular Assessments
We conduct regular security assessments including:
- Automated vulnerability scanning of systems and applications
- Periodic penetration testing by qualified security professionals
- Security architecture reviews for new features and systems
- Compliance audits against relevant standards
8.2 Remediation
Identified vulnerabilities are prioritized based on risk and remediated according to defined timelines, with critical issues addressed immediately.
9. Compliance and Certifications
9.1 Regulatory Compliance
We maintain compliance with applicable data protection and security regulations relevant to our operations and services.
9.2 Industry Standards
Our security practices align with recognized industry frameworks and standards for information security management.
9.3 Regular Audits
We undergo periodic independent security audits to validate our controls and identify areas for improvement.
10. User Responsibilities
10.1 Account Security
Users are responsible for:
- Maintaining the confidentiality of account credentials
- Using strong, unique passwords
- Enabling multi-factor authentication when available
- Promptly reporting suspected unauthorized access
- Logging out after completing sessions on shared devices
10.2 Secure Usage
Users should:
- Access our services through secure networks
- Keep their devices and software updated with security patches
- Be cautious of phishing attempts and suspicious communications
- Not share access credentials with others
- Report security concerns to us immediately
11. Data Retention and Deletion
11.1 Secure Deletion
When data is deleted from our systems, we employ secure deletion methods to ensure it cannot be recovered or reconstructed.
11.2 Retention Periods
We retain data only as long as necessary for the purposes outlined in our Privacy Policy or as required by applicable laws.
12. Security by Design
Security considerations are integrated throughout our development lifecycle:
- Threat modeling during design phases
- Security requirements defined for new features
- Secure coding standards enforced
- Security testing included in quality assurance
- Privacy impact assessments for data processing activities
13. Transparency and Communication
13.1 Security Updates
We may update this Security Policy periodically to reflect changes in our practices, technologies, or legal requirements. Significant changes will be communicated to users.
13.2 Security Inquiries
If you have questions about our security practices or wish to report a security concern, please contact us:
- Email: contact@nelavirexon.com
- Phone: +27 51 401 2998
- Address: Vlei Rd, Hilton, Pietermaritzburg, 3245, South Africa
14. Responsible Disclosure
We welcome reports from security researchers who discover potential vulnerabilities in our systems. If you identify a security issue, please report it responsibly by contacting us directly rather than publicly disclosing it. We commit to:
- Acknowledge receipt of your report promptly
- Investigate and validate reported vulnerabilities
- Keep you informed of our progress
- Credit researchers who report valid issues (with permission)
- Take appropriate action to address confirmed vulnerabilities
15. Limitations
While we implement extensive security measures, no system can be completely secure. We cannot guarantee that unauthorized access, hacking, data loss, or breaches will never occur. We will, however, make reasonable efforts to protect your information and respond appropriately to any incidents.
16. International Data Transfers
If data is transferred across borders, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
17. Commitment to Security
Security is a continuous process, not a destination. We are committed to:
- Staying informed about emerging threats and technologies
- Investing in security infrastructure and expertise
- Fostering a security-conscious culture throughout our organization
- Maintaining transparency with our users about our security practices
- Continuously improving our security posture
Your trust is essential to us, and we take our responsibility to protect your data seriously. We are dedicated to maintaining the security and privacy of your information as we provide our services.
Contact Information:
For any security-related questions or concerns, please reach out to us:
- Email: contact@nelavirexon.com
- Phone: +27 51 401 2998