Skip to main content

Security

Last Updated: October 23, 2025

1. Our Commitment to Security

At SMERP TEK, security is fundamental to everything we do. We implement industry-leading security practices to protect your data and ensure the integrity, availability, and confidentiality of our services. This page outlines our security measures and provides information for security researchers.

2. Security Framework

2.1 Data Encryption

  • In Transit: All data transmitted to and from SMERP TEK is encrypted using TLS 1.3
  • At Rest: All stored data is encrypted using AES-256 encryption
  • Database: Database connections use encrypted channels

2.2 Access Controls

  • Multi-factor authentication (MFA) required for all administrative access
  • Role-based access control (RBAC) with principle of least privilege
  • Regular access reviews and audit logging
  • Secure session management with automatic timeout

2.3 Infrastructure Security

  • Global CDN: Cloudflare edge computing with DDoS protection across 250+ locations
  • High-Performance Caching: Redis-powered caching for sub-second data access
  • Cloud-Native Architecture: Vercel (frontend) and Railway/Render (backend) infrastructure
  • Media Optimization: Cloudinary for intelligent media delivery and optimization
  • Communications: Enterprise-grade Resend (email) and Twilio (SMS) infrastructure
  • SOC 2 Type II: Certified infrastructure partners
  • Multi-Region Redundancy: Automatic failover and disaster recovery
  • Auto-Scaling: Horizontal scaling for unlimited growth

2.4 Application Security

  • Content Security Policy (CSP) headers
  • CSRF protection on all forms
  • Input validation and sanitization
  • SQL injection prevention
  • XSS protection
  • Security headers (HSTS, X-Frame-Options, etc.)

3. Security Operations

3.1 Monitoring: 24/7 security monitoring and alerting

3.2 Incident Response: Dedicated security incident response team

3.3 Vulnerability Management: Regular security scanning and penetration testing

3.4 Backups: Encrypted daily backups with 30-day retention

3.5 Disaster Recovery: Business continuity plan with RTO < 4 hours

4. Performance & Reliability

4.1 Speed & Availability:

  • Global CDN: Sub-100ms response times worldwide via 250+ edge locations
  • Page load time: <2 seconds globally
  • Uptime: 99.9% SLA guaranteed
  • Auto-scaling: Handles unlimited traffic spikes automatically
  • Multi-layer caching: Intelligent Redis and edge caching for optimal performance

4.2 Architecture:

  • API-first design with separate frontend/backend
  • Microservices architecture for reliability and scalability
  • Event-driven workflows
  • Real-time data synchronization
  • Horizontal scaling for unlimited growth

5. Compliance

SMERP TEK maintains compliance with:

  • SOC 2 Type II: Certified infrastructure partners
  • GDPR: Compliant data handling and processing
  • HIPAA: Compliance available for healthcare products (SMERP Procure)
  • ISO 27001: Certified hosting partners and security controls
  • UAE PDPL: Personal Data Protection Law compliance
  • OWASP Top 10: Security guidelines implementation

6. Responsible Disclosure Policy

We welcome reports from security researchers who discover vulnerabilities in our systems. We are committed to working with the security community to verify, reproduce, and respond to legitimate security issues.

How to Report a Vulnerability

If you believe you've found a security vulnerability, please:

  1. Email us at security@smerptek.com with details of the vulnerability
  2. Include steps to reproduce the issue
  3. Provide your contact information for follow-up
  4. Allow us reasonable time to investigate and address the issue before public disclosure

What We Ask From Researchers

  • Make a good faith effort to avoid privacy violations, data destruction, and service interruption
  • Do not access or modify data belonging to others
  • Do not perform attacks that could harm the reliability or integrity of our services
  • Provide us with a reasonable amount of time to fix the issue before public disclosure
  • Do not exploit the vulnerability for personal gain

What We Promise

  • Respond to your report within 72 hours
  • Keep you informed of our progress
  • Credit you for the discovery (unless you prefer to remain anonymous)
  • Not pursue legal action against researchers who follow these guidelines

7. Scope

In Scope

  • smerptek.com (main website)
  • API endpoints at smerptek.com/api/*
  • Web applications hosted on smerptek.com subdomains

Out of Scope

  • Social engineering attacks
  • Physical security testing
  • Third-party services we use
  • Denial of Service (DoS) attacks

8. Security Best Practices for Users

We recommend our users follow these security practices:

  • Use strong, unique passwords for your SMERP TEK account
  • Enable multi-factor authentication when available
  • Keep your software and browsers up to date
  • Be cautious of phishing emails claiming to be from SMERP TEK
  • Report suspicious activity to security@smerptek.com
  • Log out when using shared devices

9. Security Certifications

Current and planned certifications:

  • Completed: OWASP secure development training
  • In Progress: ISO 27001 certification
  • Planned: Annual third-party penetration testing

10. Incident History

We maintain transparency about security incidents. As of October 23, 2025:

No security incidents to report.

This page will be updated in the event of any security incidents affecting user data.

11. Contact Security Team

Security Team Contact:

Email: security@smerptek.com

General Inquiries: smerptek.com/contact

For security vulnerabilities, please use security@smerptek.com. For privacy concerns, use privacy@smerptek.com.

This security page follows RFC 9116 (security.txt) principles and demonstrates our commitment to transparency and responsible security practices.