# Information Security Policy

## 1. Objective

The purpose of the Bypassec Information Security Policy is to ensure the protection of digital information, guarantee the integrity, confidentiality, and availability of user data, and protect the platform against cyber threats and incidents. Bypassec adopts industry best practices to mitigate risks and promote a secure environment for everyone involved in our Hacking Tournament platform.

## 2. Scope

This policy applies to all users, administrators, employees, and partners who access or interact with the Bypassec platform. It covers information security and the appropriate use of the company’s systems, data, and digital resources.

## 3. Information Security Principles

Bypassec is committed to respecting and protecting the core principles of information security:

* **Confidentiality**: Ensuring that information is accessible only to authorized individuals.
* **Integrity**: Safeguarding the accuracy and completeness of information and processing methods.
* **Availability**: Ensuring that systems and data are accessible and usable as required.
* **Authenticity and Non-Repudiation**: Validating user identities and the authenticity of transactions to ensure actions cannot be denied later.

## 4. Access and Authentication

4.1. All access to the platform and sensitive data will be protected by strong authentication, with Multi-Factor Authentication (MFA/2FA) established as a mandatory standard.

4.2. Accounts for administrators and users who handle sensitive data will have restricted and tiered permissions based on the principle of least privilege, ensuring access is limited to what is strictly necessary for each role.

4.3. Continuous access monitoring will be implemented to detect suspicious activity and prevent unauthorized access attempts.

## 5. Data Management

5.1. Bypassec collects and stores only the data strictly necessary for the operation of the platform and the Hacking Competition processes (Data Minimization).

5.2. All stored data is encrypted both in transit and at rest, utilizing robust encryption methods to protect personal information and sensitive data.

5.3. User data is classified and handled according to its sensitivity. Data retention will follow specific legal guidelines, guaranteeing the deletion of obsolete or unnecessary data.

## 6. Protection against Threats and Risks

6.1. Bypassec regularly performs vulnerability assessments and penetration tests to identify and remediate security weaknesses within the platform.

6.2. A continuous security monitoring system is maintained to detect anomalous behavior and potential attack patterns.

## 7. Privacy and Personal Data Protection Policy

7.1. Bypassec adopts a rigorous privacy policy to ensure the protection of personal data, in compliance with applicable data protection laws, including the BVI Data Protection Act (2021), the General Data Protection Regulation (GDPR), and the General Data Protection Law (LGPD).

7.2. Users have access to their personal data and may request the correction, update, or deletion of their information as permitted by relevant legislation.

7.3. Personal data collected is used strictly for the purposes disclosed to the user and is never shared with third parties without explicit consent.

## 8. User Responsibilities

8.1. Users are responsible for maintaining the confidentiality of their access credentials and for using the platform in an ethical and secure manner.

8.2. Bypassec strongly recommends that users adopt secure browsing practices, such as using complex passwords, enabling multi-factor authentication, and avoiding password reuse.

8.3. Any suspicious activity, incident, or vulnerability identified by the user must be reported immediately to the Bypassec security team.

## 9. Compliance and Audit

9.1. Bypassec conducts periodic audits of its systems and processes to ensure compliance with security policies and regulatory requirements.

9.2. Audits include the review of security practices, log analysis, access policies, and incident handling procedures.

9.3. If a flaw or vulnerability is detected, Bypassec follows a rapid response process to remediate the issue and minimize potential impacts.

## 10. Training and Awareness

10.1. All Bypassec employees and administrators receive regular training on information security practices and policies.

## 11. Incident Response

11.1. In the event of a security incident, Bypassec maintains an incident response plan that includes:

* Identification and analysis of the incident
* Containment and impact mitigation
* Notification of users and authorities, where applicable
* Implementation of corrective measures to prevent recurrence

11.2. Significant incidents will be communicated publicly within Bypassec's documentation, maintaining transparency and a commitment to security.

## 12. Policy Review and Updates

12.1. This Information Security Policy will be reviewed periodically to ensure it remains current with new risks, technological advancements, or regulatory changes.

## 13. Final Provisions

By using Bypassec, the user acknowledges and agrees to the terms of this Information Security Policy. Adherence to these guidelines is fundamental to ensuring a secure and collaborative environment within the platform.

## Contact

For questions or requests related to information security, please contact the Bypassec security team at <contact@bypassec.com>.
