Security

Security Policy

How we protect client information and maintain platform security.

Effective Date: June 16, 2026

1. Security Program Overview

  • We apply administrative, technical, and operational safeguards to protect personal information.
  • Access to consultation data is limited to authorized roles with legitimate business needs.
  • Security controls are reviewed and improved as systems and risks evolve.

2. Infrastructure and Access Controls

  • Services are deployed on managed infrastructure with network and platform security controls.
  • Authentication and role-based authorization are used for internal administrative areas.
  • Rate limiting and request validation help reduce abuse and malicious traffic.

3. Data Protection

  • Data in transit is protected using HTTPS/TLS.
  • Sensitive data is stored and processed with restricted access and least-privilege principles.
  • File uploads are handled through controlled service workflows to reduce exposure risk.

4. Monitoring and Incident Response

  • Application logs and operational signals are monitored to identify suspicious activity.
  • Potential incidents are investigated, contained, and remediated as quickly as possible.
  • When required, affected users and relevant authorities are notified according to legal obligations.

5. Responsible Disclosure

  • If you discover a security issue, please report it promptly through the website contact channel.
  • Include clear reproduction details so we can validate and resolve the issue quickly.
  • Please do not exploit vulnerabilities or access data that does not belong to you.

6. Policy Updates

  • This policy may be updated from time to time to reflect security, legal, or operational changes.
  • The effective date at the top indicates the latest revision.