Security Policy Statement

Last Updated: 2025-09-15

At Websystems Inc., data protection, confidentiality, and infrastructure resilience are our highest priorities. To safeguard your organization’s sensitive information, we maintain a robust security framework across our infrastructure, applications, and business workflows.

1. General Security Posture

Security is deeply embedded in our engineering culture. The AceProject application is built and maintained in adherence to rigorous secure development lifecycles and modern coding standards.

Our dedicated DevOps team, along with cloud monitoring infrastructure, continuously reviews application activity logs, performance metrics, and system status.

Automated, external monitoring solutions immediately alert our on-call incident response team via real-time channels (including email and SMS) in the event of any service anomalies, ensuring near-instantaneous intervention.

2. Infrastructure & Physical Security

AceProject is hosted entirely on the industry-leading Amazon Web Services (AWS) EC2 infrastructure. Physical data center security, environmental controls, and underlying hardware maintenance are managed directly by AWS, complying with premier global standards (including SOC 2, ISO 27001, and PCI-DSS).

Our environments are isolated and shielded against external threats, DDoS attacks, and unauthorized intrusions using advanced web application firewalls (AWS WAF) and perimeter access control lists (ACLs).

3. Network & Transmission Security

By leveraging AWS’s highly scalable, redundant, and secure global network, AceProject benefits from high-bandwidth delivery and automated failover capabilities.

All data in transit between user browsers and our application is encrypted using standard 256-bit TLS (Transport Layer Security) encryption, supported by automated certificate management via AWS Certificate Manager.

4. Software & Vulnerability Management

AceProject core environments utilize Enterprise Windows Server instances. Our patch management protocol ensures that:
– Application patches and internal hotfixes are applied continuously through automated deployment pipelines.
– Operating system updates are evaluated and deployed promptly upon release via Windows Update services.
– Third-party software components and library dependencies are audited regularly and patched to eliminate known vulnerabilities.

5. Data Security, Redundancy & Backups

We implement strict data replication and business continuity practices to prevent data loss:

Hourly Replication: Customer database environments are replicated to secondary failover nodes every hour.

Nightly Backups: Complete database and critical state backups are generated nightly and securely transferred to geographically isolated Amazon S3 storage for disaster recovery purposes.

6. Incident Response & Breach Notification

In the unlikely event of a confirmed security incident resulting in unauthorized data access, Websystems Inc. will trigger its Incident Response Plan. We pledge to notify affected accounts and organizations without undue delay and in full compliance with applicable data protection laws (such as Law 25 and GDPR).

We reserve the right to temporarily pause specific cloud application instances if necessary to isolate a threat, prioritize data containment, and implement permanent corrective measures.

7. Confidentiality & Data Privacy

Websystems Inc. maintains a strict zero-sharing policy: we never sell, lease, trade, or distribute client data or email lists to third parties under any circumstances.

Staff Access: Access to customer data by our support personnel is restricted solely to resolving technical issues, and only upon explicit customer request.

Access Control: User-uploaded attachments and documents are stored within restricted system partitions. They are logically isolated and accessible only to authenticated users within your account instance.

Account Deletion: Upon permanent account closure, live database data is scrubbed from active environments. Historical backup cycles automatically purge remaining encrypted fragments within 30 days.

Legal Disclosure: We only disclose account information if compelled by a lawful court order, warrant, or valid judicial proceeding, following a thorough legal review.

8. Vulnerability Reporting

If you believe you have discovered a security flaw or vulnerability within AceProject, please report it to us confidentially at security@aceproject.com.

We will investigate your report promptly to ensure the ongoing security of our community.