Security Policy
Last Updated: 01.01.2026
MVP HOUSE LTD (“we”, “us”, “our”) is committed to maintaining a secure environment for all users of our SaaS platforms, micro-SaaS tools, and AI-driven products (“Services”). This Security Policy outlines the technical and organisational measures we implement to protect personal data and system integrity.
1. Security Principles
Our security framework is based on the following principles:
- Confidentiality — Preventing unauthorized access.
- Integrity — Preventing unauthorized changes.
- Availability — Ensuring continuous and reliable access.
- Resilience — Preparing for and recovering from incidents.
2. Data Encryption
2.1 In Transit
All data transmitted between users and our systems is encrypted using HTTPS with TLS 1.2+.
2.2 At Rest
Sensitive data stored in our systems is protected using encryption provided by hosting partners such as DigitalOcean or Vercel.
3. Access Control
- Role-based access control (RBAC) is enforced across internal systems.
- Administrative access is restricted to essential personnel only.
- Strong password requirements are enforced internally.
- Multi-factor authentication (MFA) is used where available.
4. Infrastructure & Network Security
- Hosting infrastructure is provided by trusted cloud partners such as Vercel, DigitalOcean, and Cloudflare.
- Firewalls, network isolation, and endpoint protection are enforced.
- DDoS protection is in place via Cloudflare’s global network.
- Regular security patches and updates are applied to systems.
5. Application Security
We apply industry-standard security practices:
- Secure coding standards
- Regular dependency and library updates
- Automated vulnerability scanning
- Regular internal security reviews
6. AI Security & Data Handling
- AI prompts and outputs are processed securely and transmitted only to approved AI providers.
- AI data is not used to train underlying models.
- AI outputs may be cached temporarily to improve performance, but not for user tracking.
- We prohibit the submission of sensitive or special category data unless contractually agreed.
7. Monitoring & Logging
- System performance and uptime are continuously monitored.
- Logs are maintained for security analysis and debugging purposes.
- Suspicious activity may lead to additional monitoring or access restrictions.
8. Backups & Disaster Recovery
- Automated backups are performed regularly for critical systems.
- Backup data is encrypted and stored in secure environments.
- Disaster recovery procedures ensure service continuity.
9. Incident Response
We have processes in place to respond rapidly to security incidents, including:
- Immediate containment and investigation
- Root-cause analysis
- Mitigation and patching
- Notification to affected users where required
- Regulatory reporting where legally obligated
10. Third-Party Risk Management
All third-party providers (Subprocessors) undergo security and compliance review.
A full list is available in our Subprocessors List.
11. Penetration Testing
We may conduct internal or third-party penetration tests when appropriate to evaluate system resilience.
12. User Responsibilities
Users must:
- Maintain strong passwords
- Protect login credentials
- Avoid submitting highly sensitive data unless agreed
- Report suspicious activity immediately
13. Reporting Security Issues
If you discover a vulnerability or security concern, please contact:
Email: [email protected]
We encourage responsible disclosure.
14. Policy Updates
This Security Policy may be amended to reflect evolving best practices. Continued use of our Services constitutes acceptance of the latest version.