Security Policy
Effective Date: April 1, 2024
Last Updated: February 2, 2025
Website: https://coursewingsportal.com/
1. Overview
CourseWingsPortal.com is committed to maintaining the highest standards of cybersecurity and data privacy. This Security Policy outlines the measures we take to protect user data, maintain system integrity, and ensure a safe and reliable learning environment.
2. Scope
This policy applies to:
- All users of CourseWingsPortal.com (including students, educators, and administrators)
- All data processed, stored, or transmitted through the platform
- All systems, infrastructure, and connected services
3. Data Protection and Privacy
- Encryption: We use strong encryption (TLS 1.2 or higher) to protect data during transmission. Sensitive data is also encrypted at rest using AES-256.
- Authentication: Passwords are stored using secure cryptographic hashing algorithms. Optional two-factor authentication (2FA) is offered to enhance account security.
- User Control: Users manage their own data and privacy preferences via their profile settings. No personal data is sold or shared without explicit consent.
4. Network and Infrastructure Security
- Firewalls & Monitoring: All traffic is monitored through advanced firewalls and intrusion detection systems (IDS) to detect anomalies.
- Role-Based Access Control (RBAC): Administrative functions are protected by RBAC and are limited to authorized personnel.
- Patching & Updates: Our servers and software are routinely patched and updated to eliminate known vulnerabilities.
5. Application Security
- Secure Development Lifecycle: We follow OWASP best practices, including secure coding, regular code reviews, and security testing.
- Penetration Testing: External security audits and penetration tests are performed periodically.
- Sanitization & Validation: All user inputs are validated and sanitized to prevent XSS, SQL injection, and other common attacks.
6. Incident Response
- Reporting: Suspected security incidents should be reported immediately to: angelinaerstenuk0@gmail.com
- Investigation & Containment: We respond promptly to all reports, isolate affected systems, and investigate the root cause.
- Communication: Affected users will be notified of any data breaches or major incidents in accordance with regulatory requirements.
- Post-Incident Measures: Lessons learned are used to reinforce our security posture.
7. Backup and Recovery
- Data Backups: Daily backups are performed and securely stored in redundant, geographically separate data centers.
- Disaster Recovery: We maintain a comprehensive disaster recovery plan, including regular simulations and failover strategies.
8. Third-Party Security
- Vendor Risk Assessment: All third-party service providers (e.g., hosting, email, payment gateways) are vetted for compliance with our security standards.
- Limited Data Sharing: Information shared with third parties is limited to the minimum necessary and protected by contractual agreements.
9. User Responsibilities
Users are expected to:
- Maintain the confidentiality of their login credentials
- Use strong and unique passwords
- Report suspicious activity immediately
- Follow platform guidelines and acceptable use policies
10. Legal Compliance
We adhere to international and regional data protection regulations, including:
- General Data Protection Regulation (GDPR) for EU users
- UK Data Protection Act 2018
- California Consumer Privacy Act (CCPA) where applicable
11. Policy Review and Updates
This Security Policy is reviewed annually or as needed in response to:
- Changes in applicable law
- Emerging security threats
- System architecture changes
12. Contact Information
For any security-related inquiries or reports, please contact us:
Email: angelinaerstenuk0@gmail.com
Phone: +44 7905 236301
Address:
47–48 Foxglove Way
London, Greater London
SM6 7JU, England
United Kingdom