Bren Ulkad

Bren Ulkad

Encryption education for developers

Security Policy

Last Updated: March 1, 2026

1. Introduction

Bren Ulkad is committed to protecting the security and integrity of our educational platform and the personal information of our users. This Security Policy outlines the measures we implement to safeguard our systems, data, and services against unauthorized access, disclosure, alteration, or destruction.

This policy applies to all users of our platform, including learners, instructors, and administrators, as well as our employees and contractors who handle data on our behalf.

2. Information Security Principles

Our security framework is built on the following core principles:

Confidentiality: We ensure that information is accessible only to those authorized to have access.

Integrity: We maintain the accuracy and completeness of information and protect it from unauthorized modification.

Availability: We ensure that authorized users have reliable access to information and resources when needed.

3. Data Protection Measures

3.1 Encryption

We employ industry-standard encryption protocols to protect data both in transit and at rest. All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Sensitive data stored in our databases is encrypted using AES-256 encryption or equivalent standards.

3.2 Access Controls

Access to systems and data is granted on a need-to-know basis using role-based access control mechanisms. We implement multi-factor authentication for administrative accounts and sensitive operations. All access attempts are logged and monitored for suspicious activity.

3.3 Network Security

Our infrastructure is protected by enterprise-grade firewalls, intrusion detection systems, and intrusion prevention systems. We conduct regular network vulnerability assessments and penetration testing to identify and remediate potential security weaknesses.

3.4 Data Backup and Recovery

We maintain regular automated backups of all critical data. Backup data is encrypted and stored in geographically distributed locations to ensure business continuity in the event of a disaster. We regularly test our recovery procedures to verify data integrity and restoration capabilities.

4. Application Security

4.1 Secure Development Practices

Our development team follows secure coding practices and conducts security reviews throughout the software development lifecycle. We perform regular code audits and utilize automated security scanning tools to identify vulnerabilities before deployment.

4.2 Third-Party Security

We carefully evaluate the security practices of third-party service providers and vendors. All third parties with access to our systems or data must maintain security standards consistent with this policy and sign appropriate data protection agreements.

4.3 Patch Management

We maintain a rigorous patch management program to ensure that all systems, applications, and dependencies are kept up to date with the latest security patches. Critical security updates are applied promptly following appropriate testing procedures.

5. User Account Security

5.1 Password Requirements

User passwords must meet minimum complexity requirements, including a combination of uppercase and lowercase letters, numbers, and special characters. We enforce password expiration policies for administrative accounts and encourage all users to change passwords regularly.

5.2 Account Monitoring

We monitor user accounts for unusual activity, including multiple failed login attempts, access from unfamiliar locations, or suspicious behavior patterns. Users will be notified of significant account events, such as password changes or new device logins.

5.3 Session Management

User sessions are protected through secure session tokens and automatic timeout mechanisms. Sessions are terminated after a period of inactivity, and users must re-authenticate to resume their work.

6. Physical Security

Our data centers and facilities maintain strict physical security controls, including controlled access, surveillance systems, and environmental monitoring. Only authorized personnel have physical access to servers and network equipment. Visitor access is logged and monitored at all times.

7. Incident Response

7.1 Security Incident Management

We maintain a formal incident response plan to address security breaches or suspected breaches. Our incident response team is trained to quickly identify, contain, and remediate security incidents while preserving evidence and minimizing impact.

7.2 Breach Notification

In the event of a data breach that affects user information, we will notify affected users and relevant authorities in accordance with applicable laws and regulations. Notifications will include information about the nature of the breach, the data involved, and steps users should take to protect themselves.

7.3 Post-Incident Review

Following any security incident, we conduct a thorough post-incident review to identify root causes, assess our response effectiveness, and implement improvements to prevent similar incidents in the future.

8. Employee Security

8.1 Security Training

All employees and contractors receive security awareness training upon joining the organization and participate in ongoing training programs. Training covers topics such as data protection, password security, phishing awareness, and incident reporting.

8.2 Background Checks

We conduct appropriate background checks on employees and contractors who will have access to sensitive systems or data, in accordance with applicable laws and regulations.

8.3 Confidentiality Agreements

All employees and contractors sign confidentiality agreements that obligate them to protect the confidentiality and security of company and user information both during and after their employment or engagement.

9. Compliance and Auditing

We conduct regular internal security audits to assess compliance with this policy and identify areas for improvement. We also engage independent third-party auditors to perform periodic security assessments and certifications.

We maintain detailed logs of system access, changes, and security events. These logs are reviewed regularly and retained in accordance with our data retention policies and legal requirements.

10. Data Retention and Deletion

We retain user data only for as long as necessary to provide our services and fulfill the purposes outlined in our Privacy Policy. When data is no longer needed, we securely delete or anonymize it using methods that prevent recovery or reconstruction.

Users may request deletion of their accounts and associated data at any time, subject to our legal obligations to retain certain information for compliance purposes.

11. Security by Design

Security considerations are integrated into every stage of our product development and operational processes. We employ privacy-by-design and security-by-design principles to minimize data collection, limit access, and build robust protections into our systems from the ground up.

12. Reporting Security Vulnerabilities

We welcome reports of security vulnerabilities from security researchers and users. If you discover a potential security issue, please report it to us immediately at help@brenulkad.com. We request that you do not publicly disclose the vulnerability until we have had an opportunity to investigate and address it.

We are committed to working with security researchers in good faith and will not pursue legal action against individuals who report vulnerabilities responsibly and in accordance with this policy.

13. Limitations of Security

While we implement comprehensive security measures, no system can be completely secure. We cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. Users share responsibility for maintaining the security of their accounts by using strong passwords, protecting their login credentials, and reporting suspicious activity promptly.

14. Changes to This Policy

We may update this Security Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on our website and indicate the date of the last update. Significant changes will be communicated to users through email or prominent notices on our platform.

Your continued use of our services after any changes to this policy constitutes acceptance of those changes.

15. Contact Information

If you have questions, concerns, or comments about this Security Policy or our security practices, please contact us:

Bren Ulkad
Voli Ave, 66
Lutsk, Volyn Oblast
Ukraine, 43000

Email: help@brenulkad.com
Phone: +380362460086


Commitment to Security

At Bren Ulkad, security is not just a technical requirement but a fundamental commitment to our users. We continuously invest in improving our security capabilities and remain vigilant against emerging threats. We appreciate your trust in our platform and are dedicated to protecting your information and maintaining a secure learning environment.