Security Policy
Last updated: December 24, 2025
Mexquant Labs is committed to protecting the security of its platform, systems, and the data entrusted to us by learners, educators, and partners. This Security Policy describes the measures we take to safeguard information and outlines responsibilities shared between Mexquant Labs and users of the platform available at mexquantlabs.com.
1. Scope
This policy applies to all digital systems, infrastructure, applications, and data assets operated or maintained by Mexquant Labs, including the online learning platform, administrative tools, communication channels, and any third-party integrations used to deliver our services.
2. Data Protection Principles
We handle all personal and sensitive data in accordance with the following principles:
- Data is collected only for specified, explicit, and legitimate purposes.
- Access to data is limited to personnel who require it to perform their duties.
- Data is retained only for as long as necessary to fulfil the purposes for which it was collected.
- Data accuracy is maintained through regular review and update procedures.
- All processing activities are documented and subject to periodic audit.
3. Infrastructure Security
3.1 Network Security
Our infrastructure is protected through multiple layers of network-level controls, including:
- Firewalls and intrusion detection systems monitoring inbound and outbound traffic.
- Network segmentation to isolate sensitive systems from public-facing services.
- Continuous monitoring for anomalous activity and unauthorized access attempts.
- Regular vulnerability assessments and penetration testing conducted by qualified personnel.
3.2 Server and Hosting Security
- All servers operate in hardened environments with unnecessary services and ports disabled.
- Operating systems and software dependencies are patched promptly following the release of security updates.
- Access to production systems is restricted to authorized administrators using multi-factor authentication.
- Audit logs are maintained for all administrative actions on critical systems.
3.3 Data Encryption
- All data transmitted between users and our platform is encrypted using TLS 1.2 or higher.
- Sensitive data stored on our systems is encrypted at rest using industry-standard encryption algorithms.
- Encryption keys are managed through secure key management practices and rotated on a defined schedule.
4. Application Security
4.1 Secure Development Practices
Security is integrated into every stage of our software development lifecycle:
- Developers receive training in secure coding practices relevant to their roles.
- Code changes undergo peer review before deployment to production environments.
- Automated static analysis tools are used to identify common vulnerability patterns during development.
- Third-party libraries and dependencies are evaluated for known vulnerabilities prior to integration.
4.2 Authentication and Access Control
- User accounts are protected by password requirements enforcing minimum length and complexity.
- Multi-factor authentication is available to all users and required for administrative roles.
- Session tokens are issued securely and invalidated upon logout or following periods of inactivity.
- Access permissions follow the principle of least privilege across all user roles.
4.3 Input Validation and Injection Prevention
- All user-supplied input is validated and sanitized before processing.
- Parameterized queries are used exclusively when interacting with databases.
- Output encoding is applied to prevent cross-site scripting vulnerabilities.
- Security headers are configured on all web responses to mitigate common browser-based attacks.
5. Access Management
Access to systems and data is governed by a formal access control policy that includes:
- Provisioning of access rights based on verified job requirements and authorization from appropriate management.
- Regular reviews of user access rights to ensure they remain appropriate and necessary.
- Immediate revocation of access upon termination of employment or change of role.
- Prohibition of shared or generic accounts for access to sensitive systems.
- Logging and monitoring of privileged account activity.
6. Incident Response
6.1 Detection and Reporting
We maintain processes for the timely detection and internal reporting of security incidents. All personnel are required to report suspected security events without delay through defined internal channels.
6.2 Response Procedure
Upon identification of a security incident, our response process includes:
- Immediate containment of the affected systems or data to limit further exposure.
- Investigation to determine the root cause, scope, and impact of the incident.
- Remediation of identified vulnerabilities or weaknesses that contributed to the incident.
- Documentation of the incident, response actions taken, and lessons learned.
- Notification of affected users and relevant parties where required and appropriate.
6.3 Reporting a Vulnerability
If you believe you have discovered a security vulnerability in our platform, we encourage responsible disclosure. Please contact us directly at help@mexquantlabs.com with a description of the issue. We are committed to acknowledging reports promptly and working to address confirmed vulnerabilities in a timely manner. We request that you refrain from publicly disclosing the vulnerability until we have had a reasonable opportunity to investigate and remediate it.
7. Third-Party Service Providers
Where we engage third-party service providers who process data on our behalf, we apply the following controls:
- Security capabilities and practices of providers are evaluated prior to engagement.
- Contractual obligations require third parties to maintain appropriate security standards.
- The scope of data shared with third parties is limited to what is strictly necessary.
- Third-party relationships are reviewed periodically to ensure ongoing compliance with our security requirements.
8. Physical Security
Physical access to facilities and equipment hosting platform systems is controlled through:
- Restricted access to data processing environments, limited to authorized personnel only.
- Use of hosting providers that maintain documented and audited physical security controls.
- Secure disposal procedures for hardware and storage media containing sensitive data.
9. Business Continuity and Backup
- Regular backups of critical data are performed and stored securely in geographically separate locations.
- Backup integrity is tested periodically to verify that data can be successfully restored.
- Business continuity plans are maintained to support recovery of platform services following a disruptive event.
- Recovery time and recovery point objectives are defined and reviewed as part of continuity planning.
10. Security Awareness and Training
All personnel with access to platform systems or user data receive security awareness training upon joining and on a regular ongoing basis. Training covers recognition of phishing and social engineering attempts, secure handling of data, password hygiene, and obligations under this policy. Personnel in technical roles receive additional training relevant to secure development and system administration.
11. User Responsibilities
Users of the Mexquant Labs platform share responsibility for maintaining the security of their accounts and interactions. Users are expected to:
- Choose strong, unique passwords and not share account credentials with others.
- Enable multi-factor authentication where it is available.
- Log out of sessions when using shared or public devices.
- Report any suspected unauthorized access to their account promptly to help@mexquantlabs.com.
- Refrain from attempting to probe, test, or exploit vulnerabilities in the platform without explicit authorization.
12. Policy Review and Updates
This Security Policy is reviewed at least annually and following any significant change to our systems, services, or threat landscape. Updates to this policy will be published on this page with a revised effective date. Continued use of the platform following the publication of updates constitutes acceptance of the revised policy.
13. Contact
For questions, concerns, or reports relating to the security of our platform, please contact us:
- Email: help@mexquantlabs.com
- Phone: +380 67 373 71 78
- Address: Rivnens'ka St, 107/2, Lutsk, Volyn Oblast, Ukraine, 43020