Security at The Loremi
Your security is our top priority. We implement industry-leading security measures to protect your data and ensure the integrity of our services.
Data Encryption
We use state-of-the-art encryption to protect your data both in transit and at rest:
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 or higher
- At Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption
- Key Management: Encryption keys are managed using industry-standard key management systems
- End-to-End Encryption: Available for sensitive communications and file transfers
Infrastructure Security
Our infrastructure is designed with security as a fundamental principle:
Physical Security
- Data centers with 24/7 monitoring and surveillance
- Biometric access controls
- Multiple layers of physical security
- Geographically distributed data centers for redundancy
Network Security
- Web Application Firewall (WAF) protection
- DDoS mitigation and protection
- Intrusion detection and prevention systems
- Network segmentation and isolation
- Regular security patching and updates
Access Control
We implement strict access controls to ensure only authorized personnel can access your data:
- Multi-Factor Authentication (MFA): Required for all user accounts
- Role-Based Access Control (RBAC): Users only have access to what they need
- Single Sign-On (SSO): Secure authentication across all services
- Session Management: Automatic timeout and secure session handling
- API Security: Secure API keys and OAuth 2.0 implementation
Security Team & Practices
Our dedicated security team works around the clock to protect your data:
- 24/7 Security Operations Center (SOC): Continuous monitoring and threat detection
- Regular Security Audits: Third-party penetration testing and vulnerability assessments
- Security Training: All employees undergo regular security awareness training
- Incident Response Team: Dedicated team for rapid response to security incidents
- Bug Bounty Program: Rewards for responsible disclosure of vulnerabilities
Compliance & Certifications
We maintain compliance with international security standards and regulations:
Standards
- ISO 27001 (Information Security)
- SOC 2 Type II
- PCI DSS (Payment Card Industry)
- NIST Cybersecurity Framework
Regulations
- GDPR (European Union)
- CCPA (California)
- HIPAA (Healthcare)
- Data Protection Laws
Data Breach Response
In the unlikely event of a security incident, we have comprehensive response procedures:
- Immediate Containment: Isolate and contain the incident to prevent further damage
- Assessment: Determine the scope and impact of the incident
- Notification: Notify affected users within 72 hours as required by law
- Remediation: Fix vulnerabilities and strengthen security measures
- Review: Conduct post-incident review and implement improvements
Security Best Practices for Users
Help us keep your account secure by following these best practices:
- Use a strong, unique password for your account
- Enable two-factor authentication (2FA)
- Keep your software and browsers up to date
- Be cautious of phishing emails and suspicious links
- Log out when using shared or public computers
- Report suspicious activity immediately
Reporting Security Issues
If you discover a security vulnerability or have concerns about our security practices, please contact us immediately:
Security Team Contact
Email: security@theloremi.com
PGP Key: Available on request
For urgent security issues, please include "URGENT: Security Issue" in your subject line.
We appreciate responsible disclosure and will acknowledge your report within 24 hours. Eligible reports may qualify for our bug bounty program rewards.
Regular Updates
This security page is regularly updated to reflect our current security practices. Last comprehensive review: January 2024
For more detailed information about our security practices or to request our security whitepaper, please contact our security team.