Security Policy
Introduction
At SlyAcademy, we take the security of our website and the protection of our users’ data very seriously. This Security Policy outlines the measures we implement to safeguard the integrity, availability, and confidentiality of the SlyAcademy platform and any personal information we hold. While no website is 100% immune to security risks, we are committed to following best practices and continually improving our defenses against threats.
Data Security Measures
Encryption in Transit: All communication between your browser and the SlyAcademy website is encrypted using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocols. You’ll notice that our URL begins with https:// — this indicates that data (like login credentials or form inputs) is transmitted securely, preventing eavesdropping by third parties on the network. Always ensure you see the padlock icon in your browser when interacting with our site, especially when submitting information.
Encryption at Rest: Where feasible, sensitive information in our databases is encrypted at rest. For example, passwords are never stored in plain text – they are hashed with strong algorithms. This means even in the unlikely event of unauthorized database access, passwords would not be easily retrievable. Other sensitive fields may be encrypted or hashed as appropriate.
Firewalls and Monitoring: Our servers are protected by network firewalls that filter out unauthorized and malicious traffic. We use security monitoring and intrusion detection systems to alert us to unusual activity. Regular logging of access and actions helps us audit and analyze incidents if they occur.
Secure Hosting Environment: We host SlyAcademy with reputable hosting providers that maintain high security standards, including physical security of data centers and robust infrastructure defenses. They frequently update and patch the server operating systems and related software to address new vulnerabilities.
Regular Updates and Patching: Our web application, including any third-party libraries or frameworks we use, is kept up-to-date. We apply security patches as soon as practicable after they are released and tested. This reduces the risk of known exploits being used against our platform.
Backups: We perform regular backups of critical data to ensure that we can recover in case of data loss incidents (like hardware failure or a security breach that affects data integrity). Backups are encrypted and stored securely. We also periodically test our backup restoration process to confirm data can be recovered.
Payment Security
As noted in our Privacy Policy and Refund Policy, we rely on third-party payment processors for handling donations. These processors (such as Stripe, PayPal, or others we may use) are PCI-DSS compliant, meaning they adhere to the Payment Card Industry’s stringent security standards for processing payment card information. When you enter your payment details on SlyAcademy, that information is transmitted directly to the payment processor over an encrypted connection; we do not store your full credit card number or CVV on our servers.
Our site only receives confirmation information (like a transaction ID, last four digits of the card, etc.) from the payment processor. We also secure any communication with these providers through API keys and secure protocols to prevent interception or tampering.
Access Controls and Employee Practices
Access to SlyAcademy’s systems and data is restricted based on the principle of least privilege:
Only team members who need access to personal data or system functions to perform their duties are granted access, and even then, only to what is necessary. For example, our support staff can view your account details if needed to assist you, but they cannot view your password (since it’s hashed) or your payment card info (which we don’t store).
Administrative access to servers, databases, and sensitive tools is limited to a very small number of administrators. These accounts are secured with strong, unique passwords and, where possible, two-factor authentication (2FA) to add an extra layer of security.
We maintain logs of administrative access and changes. Actions taken by admins in critical systems are auditable.
All team members and any contractors are educated about our security policies and privacy obligations. They are required to follow confidentiality agreements. Before hiring, we may conduct background checks as permitted by law for roles that will handle sensitive information.
If a staff member no longer needs access or leaves our team, their access is revoked promptly as part of our offboarding procedure.
Vulnerability Management and Testing
We conduct periodic security assessments of our website. This may include:
Vulnerability Scans: Automated tools that scan our site for known vulnerabilities or misconfigurations.
Penetration Testing: From time to time, we may engage security professionals to perform penetration tests, simulating attacks to find weaknesses so we can fix them proactively.
Code Review: Our development practices include code reviews, which involve checking code for security issues (like SQL injection, XSS vulnerabilities, etc.) before deployment. Secure coding guidelines are followed.
We stay informed about security news and alerts. If a major vulnerability (such as a widespread library vulnerability or a new type of cyber threat) is announced, we act quickly to assess and mitigate any potential impact on SlyAcademy.
User Responsibilities and Tips
Security is a shared responsibility. Here’s how you can help keep your account and our community safe:
Account Security: If you create an account on SlyAcademy, choose a strong, unique password that you do not reuse on other websites. A strong password is typically at least 12 characters long and includes a mix of letters, numbers, and symbols. Consider using a reputable password manager to help generate and store passwords.
Protect Your Credentials: Do not share your account credentials with anyone. We will never ask you for your password via email, phone, or chat. If you receive any communication pretending to be from SlyAcademy that asks for your password, treat it as a scam/phishing attempt.
Logout on Shared Devices: If you access SlyAcademy from a public or shared computer (like a library or school computer), be sure to log out and close the browser when you’re done to prevent others from accessing your account.
Update Your Software: Keep your own devices secure by maintaining updated antivirus software, using the latest versions of web browsers, and applying operating system updates. Sometimes attackers target vulnerabilities in users’ browsers or plugins; keeping them updated reduces that risk.
Beware of Phishing: Be cautious of emails or messages that appear to come from SlyAcademy but ask for personal information or direct you to a suspicious website. Verify that emails from us come from our official domain (e.g., @slyacademy.com). When in doubt, manually type our website URL into your browser rather than clicking a link.
Incident Response and Breach Notification
Despite all precautions, if a security incident occurs, we have a response plan:
We will investigate the incident immediately, contain it, and mitigate any harm. This might involve taking the site offline temporarily if needed, patching a vulnerability, restoring backups, etc.
We will assess the scope of the incident—specifically, whether personal data was compromised. If we confirm that a data breach affecting your personal information has occurred, we will notify you as soon as possible. Notification will be made by email or a prominent notice on our site (or by other means required by law). We will also inform any relevant regulatory authorities as required (for instance, under GDPR, we might notify a Data Protection Authority within 72 hours for significant breaches).
Our notification to you will include an overview of what happened (to the extent we know), what data was involved, what we are doing about it, and any steps you might need to take to protect yourself (like changing passwords). We’ll also provide contact details for further information and assistance.
We maintain logs and documentation of any incidents to learn from them and improve our security posture.
Responsible Disclosure (Vulnerability Reporting)
We appreciate the assistance of the security community and our users in identifying vulnerabilities. If you discover a potential security issue or vulnerability on SlyAcademy, we ask that you disclose it to us responsibly:
Please contact us immediately at [email protected] with the details of the issue. Include steps to reproduce if possible, so we can verify and understand the problem.
Do not publicly disclose the vulnerability until we have had a reasonable chance to address it. Early public disclosure can increase risk by alerting malicious actors before a fix is in place.
We will respond to your report and work on a fix. We may reach out for more information or to let you know when it’s resolved.
We may, if you desire, give credit to you for the discovery (such as listing your name in a hall of fame on our site), but that is optional. We cannot provide compensation or bounties at this time, but we greatly value your help in keeping SlyAcademy safe.
We pledge not to take legal action against those who discover and report security vulnerabilities to us in good faith, as long as they do not exploit the vulnerability beyond what is needed to demonstrate it, and give us an opportunity to remedy it.
Compliance and Standards
Our security practices align with industry standards and regulatory requirements where applicable:
For personal data, we adhere to GDPR’s requirement of appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
For payment data, as mentioned, we rely on PCI-compliant processors and do not handle raw credit card info ourselves.
We also consider guidance from standards like ISO 27001 (information security management) as a reference for best practices, even though we might not be formally certified.
Updates to this Security Policy
We may update this Security Policy from time to time to reflect changes in our security practices or in response to evolving threats. The latest version will be posted on this page with the “last updated” date. Significant changes may also be communicated via our site or email.
We encourage users to review this page periodically to stay informed about how we are protecting our platform.
Contact and Questions
If you have any questions about our Security Policy or any concerns about the security of SlyAcademy, please contact us at:
Email: [email protected]
We appreciate your trust in SlyAcademy and are committed to maintaining that trust by keeping our platform as secure as possible.
Last updated: April 23, 2025