Security Policy

Last updated: April 1st 2025

Our Commitment to Security

At Causalpha, we are committed to protecting your data and maintaining the security of our platform. We understand the importance of safeguarding sensitive information and have implemented comprehensive security measures across our infrastructure, applications, and operations.

This Security Policy outlines our approach to security and the measures we take to protect your data.

Data Protection

We employ multiple layers of security to protect your data:

  • Encryption: All data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption algorithms
  • Access Controls: Strict access controls ensure that only authorized personnel can access sensitive data
  • Data Isolation: Customer data is logically segregated to ensure separation between different clients
  • Regular Backups: We maintain regular backups of all data with secure, encrypted storage

Infrastructure Security

Our infrastructure is designed with security as a primary consideration:

  • Cloud Security: We utilize leading cloud providers with robust security certifications
  • Network Security: We employ firewalls, intrusion detection systems, and regular network scanning
  • DDoS Protection: Our platform includes protection against distributed denial-of-service attacks
  • Physical Security: Our infrastructure is hosted in facilities with 24/7 physical security, biometric access controls, and video surveillance

Application Security

Our platform is built with security in mind:

  • Secure Development: We follow secure coding practices and conduct regular code reviews
  • Vulnerability Management: Regular vulnerability assessments and penetration testing
  • Authentication: Strong authentication mechanisms, including multi-factor authentication options
  • Session Management: Secure session handling with automatic timeouts and invalidation

Operational Security

Our operational procedures are designed to maintain security at all times:

  • Security Monitoring: 24/7 monitoring for suspicious activities and security incidents
  • Incident Response: Documented incident response procedures with regular testing
  • Change Management: Formal change management processes to minimize risk
  • Vendor Management: Thorough security assessment of all third-party vendors

Compliance

We maintain compliance with relevant standards and regulations:

  • Data Protection: Compliance with UK GDPR and Data Protection Act 2018
  • Regular Audits: Independent security audits and assessments
  • Industry Standards: Adherence to industry best practices and security frameworks

Employee Security

Our team members are trained in security practices:

  • Background Checks: Comprehensive background checks for all employees
  • Security Training: Regular security awareness training for all staff
  • Access Control: Principle of least privilege access for all systems
  • Security Policies: Clear security policies and procedures for all employees

Security Updates and Patches

We maintain a proactive approach to security updates:

  • Regular security updates and patches for all systems
  • Timely application of critical security patches
  • Regular review of security advisories and vulnerabilities

Security Incident Reporting

If you discover a security vulnerability or have concerns about the security of our platform, please contact us immediately at [security@causalpha.com].

We take all security reports seriously and will investigate promptly.

Changes to Security Policy

We may update our Security Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify customers of significant changes to this policy.

Contact Us

If you have any questions about our security practices, please contact us:

  • By email: security@causalpha.com