Security Policy

1. Security Governance and Compliance

Maromel maintains a robust security framework designed to protect the confidentiality, integrity, and availability of our users' data. Our security practices are aligned with international standards, including NIST and SOC 2 principles, and comply with the data protection regulations of the United States, the European Union (GDPR), and the State of Israel (Privacy Protection Regulations).

2. Data Encryption and Protection

2.1. Encryption in transit. All data transmitted between the user and our servers is encrypted using industry-standard Transport Layer Security (TLS).
2.2. Encryption at rest. Sensitive data stored on our systems is protected using the Advanced Encryption Standard (AES-256) to prevent unauthorized access.
2.3. Data isolation. We employ logical isolation techniques to ensure that each user's data is strictly separated from other users within our multi-tenant environment.

3. Infrastructure and Cloud Security

Our services are hosted on world-class cloud infrastructure providers (e.g., AWS, Google Cloud, or Azure) that maintain the highest physical and environmental security certifications (ISO 27001, SOC 2 Type II). We utilize firewall protection, intrusion detection systems (IDS), and regular vulnerability scanning to safeguard our network perimeter.

4. Access Control and Authentication

4.1. Principle of least privilege. Access to internal systems is strictly limited to authorized personnel who require it for their job functions.
4.2. User authentication. We provide and encourage the use of strong password policies and support multi-factor authentication (MFA) to enhance account security.
4.3. Credential safety. User passwords are never stored in plain text; we use secure cryptographic hashing algorithms to protect your credentials.

5. Secure Software Development

We follow a Secure Software Development Life Cycle (S-SDLC). This includes regular code reviews, automated security testing, and maintaining a patched environment. We prioritize the mitigation of common vulnerabilities, such as those identified in the OWASP Top 10.

6. Incident Response and Business Continuity

Maromel maintains an incident response plan to ensure rapid identification and mitigation of any security event. In the event of a significant data breach, we will notify the relevant regulatory authorities and affected users in accordance with applicable laws (e.g., GDPR Article 33 and Israeli Privacy Protection Regulations).

7. Third-Party Security and AI Providers

We evaluate the security posture of our third-party AI and technology providers. While we utilize secure APIs from industry leaders, users acknowledge that data processed through third-party AI models is subject to the security policies of those providers. We do not use user data for training underlying third-party models without explicit consent.

8. User Responsibilities

Security is a shared responsibility. Users are responsible for maintaining the confidentiality of their login credentials, securing their own devices, and reporting any suspicious activity to info.maromel@gmail.com immediately.

9. Vulnerability Reporting

We welcome reports from security researchers regarding potential vulnerabilities in our system. If you believe you have found a security flaw, please contact us privately at info.maromel@gmail.com so we can address it promptly.