Security Policy

Last Updated: January 2026

1. Our Commitment to Security

Buffr Host is committed to protecting your data and maintaining the highest security standards. We implement industry-leading security measures to safeguard your information and ensure platform integrity.

2. Data Encryption

2.1 Data in Transit

All data transmitted between your device and our servers is encrypted using:

  • TLS 1.3 (Transport Layer Security) for all connections
  • Strong cipher suites and perfect forward secrecy
  • Certificate pinning where applicable

2.2 Data at Rest

All stored data is encrypted using:

  • AES-256 encryption for databases
  • Encrypted backups with separate encryption keys
  • Secure key management systems

2.3 Payment Data

Payment information is processed through PCI-DSS compliant payment processors. We do not store full credit card numbers on our servers.

3. Access Controls

3.1 Authentication

  • Strong password requirements (minimum complexity)
  • Multi-factor authentication (MFA) available
  • Session management with automatic timeout
  • Secure password hashing (bcrypt with appropriate rounds)

3.2 Authorization

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Multi-tenant data isolation
  • Regular access reviews and audits

3.3 Employee Access

  • Background checks for employees with data access
  • Regular security training
  • Access logging and monitoring
  • Strict need-to-know access policies

4. Infrastructure Security

4.1 Hosting and Infrastructure

  • Enterprise-grade cloud infrastructure
  • Regular security updates and patches
  • Network segmentation and firewalls
  • DDoS protection and mitigation
  • Intrusion detection and prevention systems

4.2 Monitoring and Logging

  • 24/7 security monitoring
  • Automated threat detection
  • Comprehensive audit logs
  • Real-time alerting for suspicious activity

5. Application Security

5.1 Secure Development

  • Secure coding practices and standards
  • Regular security code reviews
  • Automated vulnerability scanning
  • Penetration testing

5.2 Protection Against Common Threats

  • SQL injection prevention (parameterized queries)
  • Cross-site scripting (XSS) protection
  • Cross-site request forgery (CSRF) tokens
  • Input validation and sanitization
  • Rate limiting and abuse prevention

6. Data Backup and Recovery

  • Regular automated backups (daily)
  • Encrypted backup storage
  • Geographically distributed backups
  • Regular backup restoration testing
  • Disaster recovery procedures

7. Incident Response

In the event of a security incident, we:

  • Immediately investigate and contain the threat
  • Assess the scope and impact
  • Notify affected users and authorities as required by law
  • Remediate vulnerabilities
  • Conduct post-incident review and improvements

See our Privacy Policy for details on data breach notification procedures.

8. Third-Party Security

We carefully vet all third-party service providers and require:

  • Security certifications and compliance
  • Data processing agreements (DPAs)
  • Regular security assessments
  • Compliance with applicable data protection laws

9. Compliance and Certifications

We maintain compliance with:

  • GDPR (General Data Protection Regulation)
  • Namibia Data Protection Bill (when enacted)
  • Namibia Electronic Transactions Act 2019
  • Industry security best practices
  • PCI-DSS standards (for payment processing)

10. Your Security Responsibilities

While we implement strong security measures, you also play a role in protecting your account:

  • Use a strong, unique password
  • Enable multi-factor authentication (MFA)
  • Keep your login credentials confidential
  • Log out when using shared devices
  • Report suspicious activity immediately
  • Keep your devices and browsers updated

11. Security Updates

We regularly update our security measures and will notify you of:

  • Significant security improvements
  • New security features
  • Important security advisories
  • Required actions on your part

12. Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

Email: security@buffrhost.com
Subject: Security Vulnerability Report

Please include:

  • Description of the vulnerability
  • Steps to reproduce (if applicable)
  • Potential impact
  • Your contact information

We appreciate responsible disclosure and will respond promptly. Please do not publicly disclose vulnerabilities until we have addressed them.

13. Contact Us

For security-related questions or concerns:

Security Team
Buffr Host
Email: security@buffrhost.com
Address: Windhoek, Namibia

14. Related Policies

This Security Policy should be read together with:

  • Privacy Policy
  • Terms of Service