Back to Policies

Security Policy

Last Updated: Tue Oct 21 2025

1. Introduction

At Varcsoft, we recognize the importance of security in our authentication platform. This Security Policy outlines the measures we take to protect your account and data, as well as recommendations for how you can help maintain security.

2. Data Protection

2.1 Encryption

We employ industry-standard encryption methods to protect your data:

  • All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Sensitive data, including passwords, are securely hashed using strong, modern algorithms
  • Authentication tokens are encrypted and split for enhanced security
  • Databases and backups are encrypted at rest

2.2 Data Storage

We follow strict guidelines for data storage:

  • Personal data is stored only as long as necessary for the purposes for which it was collected
  • Access to stored data is strictly limited to authorized personnel
  • Regular security audits and vulnerability assessments are conducted on our data storage systems

3. Authentication Security

3.1 Password Requirements

To ensure account security, we enforce the following password requirements:

  • Minimum of 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

3.2 Multi-Factor Authentication (MFA)

We strongly recommend enabling Multi-Factor Authentication for your account. MFA adds an additional layer of security by requiring:

  • Something you know (your password)
  • Something you have (e.g., a mobile device or hardware key)

We support various MFA methods, including authenticator apps, SMS verification, and hardware security keys.

3.3 Session Management

We implement secure session management practices:

  • Sessions expire after periods of inactivity
  • Each new login generates a new session token
  • Users can view and terminate active sessions from their account settings

4. Infrastructure Security

Our infrastructure is designed with security as a priority:

  • Regular security patches and updates are applied to all systems
  • Networks are segmented and protected by firewalls
  • Intrusion detection and prevention systems monitor for suspicious activity
  • Regular penetration testing is conducted by independent security experts

5. Security Monitoring and Incident Response

5.1 Continuous Monitoring

We maintain continuous monitoring of our systems:

  • Automated systems detect unusual account activity
  • Real-time alerts notify our security team of potential issues
  • Log analysis tools identify patterns that may indicate security threats

5.2 Incident Response

In the event of a security incident:

  • Our dedicated incident response team follows established procedures to address the issue
  • Affected users will be notified promptly if their data is compromised
  • Post-incident analysis is conducted to prevent similar issues in the future

6. User Security Recommendations

We recommend the following practices to enhance your security:

  • Use unique passwords for different services
  • Enable Multi-Factor Authentication
  • Regularly review your account activity
  • Keep your email address and recovery information up to date
  • Be vigilant about phishing attempts
  • Log out from shared devices

7. Security Updates and Changes

We continuously improve our security measures based on evolving threats and technologies. We may update this Security Policy from time to time to reflect changes in our practices. When we make significant changes, we will notify users through our website or by email.

8. Contact Us

If you have any questions about our security practices or want to report a security vulnerability, please contact us at: security@Varcsoft.com

Last Updated: 10/21/2025