Security
How we protect your data
At Expora, security is integral to how we build and operate our product. This page summarizes the measures we take to protect your data and our systems. We regularly review and update our practices to align with industry standards and emerging threats.
1. Data protection
Encryption in transit. All traffic between your browser or client and our services is encrypted using TLS (HTTPS). We use strong cipher suites and keep our certificates and configurations up to date.
Encryption at rest. Where applicable, sensitive data at rest is encrypted using industry-standard methods. Access to production data stores is restricted and logged.
Access control. Access to systems and data is granted on a need-to-know basis. We use strong authentication, principle of least privilege, and review access rights periodically. Access to personal data is limited to authorized personnel and is audited.
2. Infrastructure and operations
Our services run on infrastructure operated by trusted providers with robust physical and network security. We apply security updates and patches in a timely manner, monitor for anomalies, and use automated checks where appropriate. We follow secure development practices, including review of code and dependencies, to reduce the risk of vulnerabilities in our product.
3. Incident response
We maintain procedures to detect, assess, and respond to security incidents. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law (e.g. GDPR). We also conduct post-incident reviews to improve our defenses.
4. Responsible disclosure
If you discover a security vulnerability in our product or infrastructure, we ask that you report it to us responsibly. Please do not exploit the issue or disclose it publicly before we have had a chance to address it. We will acknowledge your report, work to validate and remediate the issue, and will credit you for your responsible disclosure where appropriate (unless you prefer to remain anonymous). We do not pursue legal action against researchers who act in good faith and in accordance with this policy. You can reach us at partnerships@expora.io or through the contact options on our website.
5. Your role
You can help keep your data secure by using a strong, unique password (where accounts are used), keeping your credentials private, and being cautious of phishing. If you suspect unauthorized access to your account or data, please contact us immediately.
6. Contact
For security-related questions or to report a vulnerability, contact Expora at partnerships@expora.io or via the contact options on our website.