Security Policy

1. Our Commitment to Security

MainCore Technologies is committed to implementing the highest cybersecurity standards to protect the data of our clients and platform users. We adopt a multi-layered security approach that complies with international standards and the regulations of the National Cybersecurity Authority (NCA) in the Kingdom of Saudi Arabia.

2. Technical Security Measures

• Data Encryption:

  All data transmitted between your device and our servers is encrypted using TLS 1.3 protocol with trusted SSL certificates.

• Security Headers:

  We implement comprehensive HTTP security headers including Content Security Policy (CSP), Strict-Transport-Security (HSTS), X-Frame-Options, and X-Content-Type-Options.

• Attack Protection:

  Advanced protection systems against XSS, SQL Injection, CSRF, Path Traversal, and Bot Attacks.

• Rate Limiting:

  Intelligent Rate Limiting system that prevents excessive usage and protects against DDoS attacks.

• Threat Detection:

  Continuous 24/7 monitoring of suspicious activities with automatic logging of intrusion attempts.

3. Account Security

• Password encryption using strong hashing algorithms (bcrypt).
• Secure session management with automatic expiration of inactive sessions.
• Protection against repeated login attempts (Brute Force Protection).
• Instant notifications when unusual activity is detected on your account.

4. Data Security

• Data storage on secure servers with regular backups.
• Separation of databases from application servers.
• Implementation of the Least Privilege principle for data access.
• Encryption of sensitive data at rest.

5. Email Security

We implement email security standards to protect our communications with subscribers:

• Use of secure SMTP protocols with TLS encryption.
• List-Unsubscribe headers for safe and easy unsubscription.
• No sensitive information included in email messages.
• Sender identity verification through SPF, DKIM, and DMARC.

6. Vulnerability Reporting

We welcome responsible disclosure of any security vulnerabilities. If you discover a security vulnerability in our systems, please contact us immediately via email. We commit to treating all reports with complete confidentiality and responding within 48 hours.

7. Compliance and Standards

We comply with the following regulations and standards:

• Personal Data Protection Law of the Kingdom of Saudi Arabia (PDPL).
• National Cybersecurity Authority (NCA) standards.
• OWASP best practices for web application security.
• International data encryption standards.

8. Security Updates

We regularly update our security systems to keep pace with the latest threats. This includes continuous updates to software, libraries, and security protocols.

9. Contact Us

For any security inquiries or to report a vulnerability, please contact us: