Security policy
Cyber security principles
Date of entry into force: 14.04.2024.
Elite2You Academy is committed to keeping user data secure, protecting the digital learning experience and minimising cybersecurity risks.
This policy describes the technical and organisational measures we use to keep the platform secure.
This security policy gives users a reassuring answer to the question of how we protect their data. It reduces the legal risks arising from GDPR and provides a basis for customer support should a technical or data security issue arise.
1. Data security and encryption
- All personal data provided on the site is transmitted over an encrypted SSL connection.
- The data stored in the database is protected according to authorisation levels, preventing unauthorised access.
- Passwords are not stored as plain text, but are saved using modern one-way hashing algorithms (e.g. bcrypt).
2. Password management and access protection
- Passwords are not known to the system and are not stored in a decryptable form.
- Users are instructed to use strong passwords.
- We recommend that users update their passwords regularly for security reasons.
- The system is protected against brute-force attacks (e.g. IP restriction, temporary blocking after multiple failed logins).
3. Website and server security
- The platform is hosted with a trusted service provider, where daily backups are made.
- We perform regular WordPress and plugin updates to avoid vulnerabilities.
- We also use firewalls, spam protection and virus scanning.
- The administration area is only accessible by internal staff, protected by IP filtering and two-factor authentication.
4. Access and privileges
- The system uses a role-based access model:
  - Learners only have access to their own courses.
  - Teachers can only edit their own courses.
  - Admins have full access, but only in relation to their job role.
- All activity is logged so that it can be retrieved if any anomalies occur.
5. Backups and data storage
- We make daily backups of the website, database and course data.
- Backups are stored in encrypted form on a separate server and are only accessible by administrators.
- The data will be kept for the period specified in the GDPR and will be deleted at the user’s request.
6. Cyber security incident protocol
- If suspicious activity is detected, it is blocked immediately and an investigation is carried out.
- In case of a data leak or vulnerability, we will immediately notify the users concerned as well as the authorities, as required by the GDPR.
- We have an emergency procedure that includes protocols for incident handling, data recovery and notification steps.