Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

Security & Incident Response Policy

Effective Date: 15-Jan-2026
Last Updated: 15-Jan-2026

Cafiot (“we”, “our”, “us”) is committed to protecting the confidentiality, integrity, and availability of user data and platform services. This Security & Incident Response Policy outlines the security measures we implement and how we respond to security incidents.

This Policy complements our Privacy Policy, Terms & Conditions, Data Safety & Processing Disclosure, and other applicable policies.

  1. Security Principles

Cafiot’s security program is guided by the following principles:

  • Least privilege access — access limited to what is strictly necessary
  • Defense in depth — multiple layers of security controls
  • Privacy by design — data minimization and protection by default
  • Continuous monitoring — proactive detection of threats
  • Rapid response — timely containment and mitigation of incidents
  1. Technical Security Measures

2.1 Infrastructure Security

  • Cloud infrastructure hosted on secure, industry-standard platforms (e.g., Google Firebase)
  • Secure network segmentation and access controls
  • Regular infrastructure updates and patching

2.2 Data Protection

  • Encryption in transit using HTTPS/TLS
  • Encryption at rest for stored data
  • No storage of third-party media files
  • No storage of payment card information

2.3 Authentication & Access Control

  • Secure authentication mechanisms (OAuth, email/password, phone login where enabled)
  • Role-based access control for internal systems
  • Multi-factor authentication for administrative access
  • Firebase App Check to prevent unauthorized or automated abuse
  1. Application Security
  • Secure coding practices followed throughout development
  • Regular review of dependencies and third-party libraries
  • Input validation and rate limiting to prevent abuse
  • Monitoring for unusual activity or vote manipulation
  1. Monitoring & Detection

Cafiot actively monitors:

  • Application performance and anomalies
  • Unauthorized access attempts
  • Abuse patterns and manipulation attempts
  • System errors and crash reports

Alerts are reviewed by authorized personnel.

  1. Incident Response Framework

A security incident includes any event that compromises or threatens:

  • Confidentiality of user data
  • Integrity of the platform
  • Availability of services

5.1 Incident Response Steps

  1. Identification – Detect and confirm the incident
  2. Containment – Limit the scope and impact
  3. Investigation – Analyze root cause and affected systems
  4. Mitigation – Apply fixes and safeguards
  5. Recovery – Restore normal operations
  6. Post-Incident Review – Improve controls and processes
  1. User & Regulatory Notification

Where required by law, Cafiot will:

  • Notify affected users without undue delay
  • Notify relevant regulatory authorities
  • Provide information on the nature of the incident and mitigation steps

Notification timelines will follow applicable laws, including GDPR and local data protection regulations.

  1. Data Breach Handling

In the event of a confirmed data breach:

  • Access to affected systems may be temporarily restricted
  • Credentials may be reset where necessary
  • Additional security measures may be enforced
  • Users may be advised on protective actions
  1. Employee & Contractor Security
  • Access limited to authorized personnel
  • Confidentiality obligations apply to all team members
  • Security awareness is part of operational practices
  • Access is revoked promptly upon role change or exit
  1. Third-Party Security

Cafiot uses vetted third-party service providers subject to:

  • Contractual confidentiality obligations
  • Security and data protection requirements
  • Ongoing evaluation

Cafiot is not responsible for security practices of third-party platforms linked within the app.

  1. Limitations

While Cafiot takes reasonable and appropriate security measures:

  • No system can be guaranteed 100% secure
  • Users acknowledge inherent risks of internet-based services
  1. Policy Updates

This Policy may be updated periodically to reflect evolving security practices and regulatory requirements. Updates will be posted with a revised “Last Updated” date.

  1. Contact Information

For security concerns or incident reporting:

📧 contact@cafiot.com

Important Clarification

Cafiot is a media awareness and reporting platform, not a security monitoring service or certification authority.