Security Policy
Last updated: 18 October 2025
1. Our Security Commitment
As a security audit company, we hold ourselves to the same standards we apply to our clients. Protecting the confidentiality and integrity of the code and data entrusted to us is our highest priority.
2. Technical Infrastructure
- Encryption: All data in transit is protected via TLS 1.3. Data at rest is encrypted using AES-256.
- Access Control: We employ Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for all system access.
- Read-Only Operations: We never require write access to Client systems. All auditing is performed in a read-only or staging-first manner.
3. Audit Process Security
- Non-Destructive Testing: All tests are explicitly non-destructive and rate-limited. We test on staging or sandbox environments.
- Data Minimization: We collect only the minimum data necessary to perform the audit. Artifacts are purged according to an agreed retention schedule.
- Logging: We log our actions during engagements to maintain a clear audit trail for the Client.
4. Personnel Security
- All team members are bound by confidentiality and non-disclosure agreements.
- Access to Client data is restricted to the engineers directly assigned to the engagement.
5. Responsible Disclosure
5.1 Safe Harbor
We will not pursue legal action against security researchers who:
- Provide us with a reasonable amount of time to resolve an issue before public disclosure.
- Avoid privacy violations and do not exfiltrate or modify our data.
- Act in good faith and do not cause harm to our users or services.
5.2 Reporting Process
If you discover a security vulnerability in our website or services, please submit your findings to contact@tycitensor.com. Reports should include a technical description and steps to reproduce the vulnerability.
We aim to acknowledge reports within 2 business days and provide an initial assessment within 5 business days.
6. Contact
For security-related inquiries, contact us at contact@tycitensor.com.