Security Policy
Last Updated: December 27, 2025
Skovren ("we," "our," or "us") is committed to protecting the security of our platform, systems, and the data entrusted to us by our users, clients, and partners. This Security Policy describes the technical and organizational measures we implement to safeguard information and maintain the integrity, availability, and confidentiality of our services accessible at skovren.biz.
By using our platform, you acknowledge that you have read and understood this Security Policy.
1. Scope
This policy applies to all systems, infrastructure, applications, and data managed or operated by Skovren, including our web platform, APIs, internal tools, and any third-party services integrated into our operations. It covers all employees, contractors, vendors, and users who interact with our systems.
2. Information We Protect
We apply security controls to all categories of information processed through our platform, including but not limited to:
- Account credentials and authentication data
- Personal identification information provided during registration or use
- Payment and billing information
- Course progress, learning records, and session data
- Communications between users and instructors
- Technical and usage data collected during platform interaction
3. Data Transmission Security
All data transmitted between your device and our servers is encrypted using industry-standard Transport Layer Security (TLS). We enforce HTTPS across all pages and endpoints. Unencrypted HTTP connections are automatically redirected to secure HTTPS equivalents.
We regularly review and update our TLS configurations to maintain compatibility with current cryptographic standards and to deprecate outdated or vulnerable cipher suites.
4. Data Storage Security
Data stored on our systems is protected through the following measures:
- Encryption at rest for sensitive data categories using strong encryption algorithms
- Access controls that restrict data access to authorized personnel only
- Logical separation of user data to prevent unauthorized cross-account access
- Regular integrity checks to detect unauthorized modifications
5. Access Control
5.1 User Access
Each user account is protected by credential-based authentication. We support and encourage the use of strong, unique passwords. Password storage uses cryptographic hashing with salting. Users are responsible for maintaining the confidentiality of their login credentials and must not share account access with unauthorized individuals.
5.2 Administrative Access
Access to internal systems and administrative interfaces is restricted to authorized personnel based on the principle of least privilege. Multi-factor authentication is required for all administrative accounts. Access permissions are reviewed regularly and revoked promptly upon role changes or termination of employment.
5.3 Third-Party Access
Vendors and third-party service providers are granted only the minimum level of access necessary to perform contracted services. All third-party access is governed by contractual obligations that include security and confidentiality requirements.
6. Authentication and Session Management
Our platform implements secure session management practices, including:
- Session tokens generated using cryptographically secure methods
- Automatic session expiration after periods of inactivity
- Secure and HttpOnly flags applied to authentication cookies
- Invalidation of sessions upon logout or password change
- Rate limiting on login attempts to mitigate brute-force attacks
7. Infrastructure Security
7.1 Network Security
Our infrastructure is protected by firewalls, intrusion detection systems, and network segmentation. Access to production environments is restricted to authorized personnel through secure, audited pathways. We monitor network traffic for anomalous patterns and potential threats.
7.2 Server and Application Security
We maintain a patch management process to ensure operating systems, application frameworks, and third-party libraries are updated in a timely manner following the release of security patches. Server configurations follow security hardening guidelines, and unnecessary services or ports are disabled.
7.3 Cloud and Hosting Providers
Our infrastructure is hosted with reputable cloud providers that maintain internationally recognized security certifications. We leverage their native security capabilities while applying our own additional controls at the application and data layer.
8. Vulnerability Management
We conduct periodic vulnerability assessments and security testing of our platform and infrastructure. Identified vulnerabilities are triaged based on severity and remediated according to defined timelines. Critical vulnerabilities are addressed on a priority basis as soon as practicable.
We also operate a responsible disclosure process. If you believe you have discovered a security vulnerability in our platform, we encourage you to report it to us promptly at [email protected]. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.
9. Security Monitoring and Logging
We maintain detailed logs of system activity, access events, and security-relevant actions across our infrastructure. These logs are stored securely and reviewed as part of ongoing security monitoring. Automated alerting is in place to notify our team of suspicious or anomalous activity. Log data is retained for a defined period consistent with our operational and legal obligations.
10. Incident Response
We maintain an incident response plan to guide our actions in the event of a security incident. Our response process includes the following phases:
- Detection and identification — Recognizing and confirming the nature and scope of the incident
- Containment — Limiting the impact and preventing further unauthorized access or damage
- Eradication — Removing the root cause of the incident from affected systems
- Recovery — Restoring affected systems and services to normal operation
- Post-incident review — Analyzing the incident to improve future prevention and response
In the event of a security incident that affects user data, we will notify affected users in accordance with our obligations and applicable notification standards within a reasonable timeframe after the incident is confirmed.
11. Data Backup and Recovery
We maintain regular, automated backups of critical data and system configurations. Backups are stored securely, separate from primary systems, and are tested periodically to verify recoverability. Our recovery procedures are designed to restore services with minimal disruption in the event of data loss, corruption, or infrastructure failure.
12. Employee Security Practices
All employees and contractors with access to our systems are subject to security awareness training upon onboarding and on an ongoing basis. Our internal policies address acceptable use of systems, handling of sensitive data, password management, and procedures for reporting suspected security incidents. Background checks are conducted for personnel in roles with significant access to sensitive systems or data, where permissible.
13. Third-Party and Supply Chain Security
We evaluate the security posture of third-party vendors and service providers before integration and on a periodic basis thereafter. Vendors handling user data are required to maintain appropriate security standards. We review the open-source components and dependencies used in our platform and monitor them for known vulnerabilities.
14. Physical Security
Our operations are conducted primarily through cloud-based infrastructure hosted in facilities that maintain physical access controls, environmental protections, and on-site security measures. Physical access to our own office premises is restricted to authorized personnel. Sensitive materials and devices are stored securely and disposed of through approved methods when no longer needed.
15. Security of Communications
Internal communications involving sensitive information are conducted over encrypted channels. Email communications containing sensitive data are handled with care, and users are advised to exercise caution when sharing account or personal information via email. We will never request your password through email or any unsolicited communication.
16. User Responsibilities
Users of our platform share responsibility for maintaining account security. We ask that users:
- Create strong, unique passwords and do not reuse passwords from other services
- Keep login credentials confidential and do not share account access
- Log out of their accounts when accessing the platform from shared or public devices
- Keep the devices and browsers used to access our platform updated with current security patches
- Report any suspected unauthorized access to their account promptly to [email protected]
17. Cookies and Tracking Technologies
We use cookies and similar technologies to support secure session management, authentication, and platform functionality. Security-critical cookies are configured with appropriate security attributes to prevent interception or unauthorized access. For details on our use of cookies for non-security purposes, please refer to our Privacy Policy.
18. Compliance and Standards
We align our security practices with widely recognized information security frameworks and industry best practices. Our security program is reviewed and updated on an ongoing basis to reflect evolving threats, technological changes, and emerging standards. Where applicable, we work toward compliance with relevant data protection and security requirements.
19. Changes to This Policy
We may update this Security Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage users to review this policy periodically. Continued use of our platform following the posting of changes constitutes acceptance of the revised policy.
20. Contact Us
If you have questions, concerns, or wish to report a security issue related to this policy or our platform, please contact us through any of the following:
| Method | Details |
|---|---|
| [email protected] | |
| Phone | +1 (418) 546-2177 |
| Mailing Address | 8060 Jones Rd #413, Richmond, BC V6Y 4K5, Canada |
| Website | skovren.biz/contact-support.html |
We take all security reports seriously and will respond as promptly as possible.