Ulnakre Logo
Ulnakre
Flexible learning paths tailored to your schedule

Security Policy

Last updated: August 15, 2025

At Ulnakre, we are committed to protecting the security and integrity of our educational platform and the personal information of our users. This Security Policy outlines the measures we implement to safeguard your data and ensure a secure learning environment.

1. Information Security Framework

We maintain a comprehensive information security program designed to protect against unauthorized access, disclosure, alteration, or destruction of information. Our security framework is built on industry-standard practices and is regularly reviewed and updated to address emerging threats.

1.1 Security Standards

Our security practices align with recognized industry standards and best practices. We continuously monitor and improve our security posture to maintain the confidentiality, integrity, and availability of our services and your information.

1.2 Risk Assessment

We conduct regular risk assessments to identify potential vulnerabilities and threats to our systems and data. These assessments inform our security priorities and guide the implementation of appropriate safeguards.

2. Data Protection Measures

We employ multiple layers of security controls to protect your information throughout its lifecycle on our platform.

2.1 Encryption

Data in transit between your device and our servers is protected using industry-standard encryption protocols. Sensitive data at rest is encrypted using strong encryption algorithms to prevent unauthorized access.

2.2 Access Controls

Access to user data and system resources is restricted based on the principle of least privilege. Only authorized personnel who require access to perform their job functions are granted appropriate permissions. All access is logged and monitored.

2.3 Authentication

We implement robust authentication mechanisms to verify user identities and prevent unauthorized account access. Users are encouraged to create strong passwords and may utilize additional security features such as two-factor authentication where available.

3. Infrastructure Security

Our technical infrastructure is designed and maintained with security as a fundamental consideration.

3.1 Network Security

Our network infrastructure incorporates firewalls, intrusion detection systems, and other security technologies to prevent unauthorized access and detect potential security incidents. Network traffic is monitored continuously for suspicious activity.

3.2 Server Security

Our servers are hardened according to security best practices, with unnecessary services disabled and security patches applied promptly. Server access is restricted and monitored, with all administrative actions logged for audit purposes.

3.3 Application Security

Our applications undergo security testing during development and deployment. We follow secure coding practices and conduct regular vulnerability assessments to identify and remediate potential security issues.

4. Data Backup and Recovery

We maintain regular backups of critical data to ensure business continuity and data recovery capabilities in the event of a security incident or system failure.

4.1 Backup Procedures

Automated backup processes run on a regular schedule to capture current data. Backups are stored securely in geographically separate locations to protect against localized incidents.

4.2 Disaster Recovery

We maintain disaster recovery plans and procedures to restore services and data in the event of a major incident. These plans are tested periodically to ensure their effectiveness.

5. Personnel Security

Our team members are essential to maintaining the security of our platform and your information.

5.1 Training and Awareness

All personnel receive security awareness training appropriate to their roles. This training covers topics such as data protection, password security, phishing awareness, and incident reporting procedures.

5.2 Background Checks

We conduct appropriate background checks on personnel who have access to sensitive systems or user data, in accordance with applicable laws and regulations.

5.3 Confidentiality Obligations

All team members are bound by confidentiality obligations and are required to protect the confidentiality and security of user information.

6. Vendor and Third-Party Security

When we engage third-party service providers who may have access to user data, we implement appropriate safeguards.

6.1 Vendor Assessment

We evaluate the security practices of third-party vendors before engaging their services. Vendors handling sensitive data must demonstrate adequate security controls.

6.2 Contractual Protections

Our agreements with third-party vendors include provisions requiring them to maintain appropriate security measures and use data only for authorized purposes.

7. Incident Response

We maintain processes to detect, respond to, and recover from security incidents.

7.1 Monitoring and Detection

Our systems are monitored continuously for signs of security incidents or anomalous activity. Automated alerts notify our security team of potential issues requiring investigation.

7.2 Incident Response Procedures

We have established incident response procedures to contain, investigate, and remediate security incidents. Our response activities include identifying the scope of the incident, mitigating immediate threats, and implementing measures to prevent recurrence.

7.3 Notification

In the event of a security incident that affects user data, we will notify affected users in accordance with applicable laws and regulations. Notifications will include information about the nature of the incident, the data affected, and steps users can take to protect themselves.

8. Physical Security

Physical access to facilities housing our infrastructure is controlled and monitored to prevent unauthorized entry.

8.1 Access Controls

Data centers and facilities containing critical infrastructure employ physical access controls including surveillance systems, security personnel, and entry authentication mechanisms.

8.2 Environmental Controls

Facilities are equipped with environmental controls to protect against threats such as fire, flooding, and power outages. Redundant systems ensure continuous operation of critical infrastructure.

9. Vulnerability Management

We proactively identify and address security vulnerabilities in our systems and applications.

9.1 Vulnerability Scanning

Regular automated and manual vulnerability scans are conducted to identify potential security weaknesses. Identified vulnerabilities are assessed, prioritized, and remediated based on risk.

9.2 Patch Management

Security patches and updates are applied to systems and applications in a timely manner. Critical security patches are prioritized and deployed promptly to address known vulnerabilities.

10. Logging and Monitoring

Comprehensive logging and monitoring capabilities enable us to detect security incidents and support investigations.

10.1 Audit Logs

System activities, user access, and administrative actions are logged for audit and security purposes. Logs are retained for an appropriate period and are protected against unauthorized modification.

10.2 Security Monitoring

Security logs are reviewed regularly to identify potential security incidents or policy violations. Automated monitoring tools alert our security team to suspicious activities requiring investigation.

11. Compliance and Audits

We maintain processes to ensure compliance with applicable legal and regulatory requirements related to information security.

11.1 Regulatory Compliance

Our security practices are designed to comply with applicable data protection and privacy regulations. We monitor regulatory developments and update our practices as necessary to maintain compliance.

11.2 Security Audits

We conduct periodic security audits and assessments to evaluate the effectiveness of our security controls. Independent third-party assessments may be performed to provide objective verification of our security posture.

12. User Responsibilities

While we implement extensive security measures, users also play a critical role in maintaining security.

12.1 Account Security

Users are responsible for maintaining the security of their account credentials. This includes creating strong passwords, keeping passwords confidential, and not sharing account access with others.

12.2 Reporting Security Issues

Users should report suspected security incidents, vulnerabilities, or unauthorized access to their accounts immediately. Prompt reporting enables us to investigate and respond quickly to potential threats.

12.3 Secure Usage

Users should access the platform from secure devices and networks. We recommend using updated browsers and operating systems with current security patches, and avoiding access from public or untrusted networks when handling sensitive information.

13. Payment Security

When processing payments, we employ security measures to protect financial information.

13.1 Payment Processing

Payment transactions are processed using secure, encrypted connections. We work with reputable payment processors that maintain appropriate security certifications and comply with payment card industry standards.

13.2 Data Minimization

We minimize the collection and retention of payment card information. Where possible, we utilize tokenization or other mechanisms that avoid storing complete payment card details on our systems.

14. Security Communications

We may communicate with users regarding security-related matters through various channels.

14.1 Security Notifications

Important security notifications, including those related to incidents, system updates, or security advisories, may be sent via email or displayed within the platform.

14.2 Official Channels

Security-related communications from Ulnakre will come from official company email addresses or will be posted on our official website. Users should be cautious of communications claiming to be from Ulnakre that come from unofficial sources.

15. Data Retention and Disposal

We maintain and dispose of data in accordance with security best practices.

15.1 Retention Periods

Data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Retention periods vary based on data type and legal requirements.

15.2 Secure Disposal

When data is no longer needed, it is securely deleted or destroyed to prevent unauthorized recovery. Disposal methods are appropriate to the sensitivity of the data and the media on which it is stored.

16. Policy Updates

This Security Policy may be updated periodically to reflect changes in our security practices, technology, or legal requirements.

16.1 Notification of Changes

Significant changes to this policy will be communicated to users through appropriate channels. The date of the last update is indicated at the top of this policy.

16.2 Review Frequency

We review this policy at least annually and update it as necessary to ensure it remains current and effective.

17. Contact Information

If you have questions, concerns, or wish to report a security issue, please contact us:

Ulnakre
Ballymountain, Co. Cork, T12 K261, Ireland
Email: [email protected]
Phone: +353 18 907 074

For security-related matters, please clearly mark your communication as concerning a security issue to ensure it receives appropriate priority and handling.

18. Commitment to Security

Security is an ongoing process, not a one-time effort. We are committed to continuously improving our security practices and investing in the technologies and processes necessary to protect our platform and your information. We appreciate the trust you place in us and take seriously our responsibility to maintain that trust through robust security measures.

We use cookies to improve your experience on our site. Essential cookies are necessary for basic functionality, while optional cookies help us understand usage patterns and enhance our services. You can choose which cookies to accept.

These cookies are essential for the website to function properly. They enable core functionality such as security, network management, and accessibility.

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This data helps us improve the site's performance.

Marketing cookies track your online activity to help us deliver more relevant advertising or to limit how many times you see an ad. They may be set by us or third-party providers.