Information Security Policy
Commitment to security
BrainTech is committed to protecting the confidentiality, integrity and availability of all information we handle while developing software solutions, web applications and delivering IT services. Information security is an integral part of our business and a core principle in our relationship with clients.
The purpose of this policy is to ensure an appropriate level of protection for business and user data against unauthorized access, modification, loss or misuse.
Our principles
In our work we follow these principles:
- protection of clients' confidential information
- application of modern security standards
- access control for systems and data
- regular updates of software and server infrastructure
- minimization of security risks
- continuous improvement of security processes
Data protection
Data we manage is used solely for the purpose of delivering agreed services.
We implement appropriate technical and organizational measures to protect information against:
- unauthorized access
- data loss
- accidental modification or deletion
- misuse
- cyber attacks
Access control
Only authorized persons who need the data to perform their business activities have access to information.
Appropriate authentication methods, user account management and privilege control are applied.
Secure software development
When developing software solutions, we consider security from the very start of the project. This includes:
- user input validation
- protection against SQL injection and XSS attacks
- use of HTTPS communication
- protection of user accounts
- secure authentication
- proper session management
- regular updates of libraries in use
Server infrastructure
Systems we develop and maintain use appropriate security mechanisms such as:
- SSL/TLS encryption
- firewall protection
- regular data backup
- server monitoring
- access control for administrator accounts
- protection against known vulnerabilities
Backups
We regularly create data backups when this is part of the agreed service. Backup procedures enable fast system recovery in case of technical issues or data loss.
Confidentiality
All information we obtain during cooperation with clients is treated as confidential. Data is not shared with third parties except:
- with the client's consent
- when required by law
- when necessary to perform the agreed service
Incident management
In the event of a security incident, BrainTech takes appropriate measures to:
- identify the cause
- limit the impact
- resolve the issue
- prevent recurrence of similar situations
Clients will be notified promptly when necessary.
Continuous improvement
Information security is not a one-time process but an ongoing activity. We regularly follow new technologies, recommendations and security standards to improve the protection of our systems and services.
Responsibility
All BrainTech employees and partners are responsible for complying with this policy and applying appropriate information protection measures within their business activities.
Contact
If you have questions about information security or wish to report a security issue, you can contact us.
Email: hi@braintech.rs
Contact page: /en/contact