Security Policy
Our measures for data protection and information security
Version: 2.0•Effective: 1/1/2025•Last Updated: 12/17/2025
Table of Contents
1. 1. Introduction
At MEGA PROMOTING S.R.L., customer data security is our top priority. We implement measures compliant with:
- ISO 27001:2022
- SOC 2 Type II
- GDPR Art. 32
2. 2. Encryption
- Data at rest: AES-256
- Data in transit: TLS 1.3
- Voice recordings: AES-256-GCM (end-to-end)
- Backups: AES-256
3. 3. Access Control
- Mandatory MFA for all employees
- RBAC (Role-Based Access Control)
- Least privilege principle
- Quarterly access reviews
- SSO available for Enterprise
4. 4. Infrastructure
- ISO 27001, SOC 2 certified data centers
- Next-gen firewalls, IDS/IPS
- 24/7 SIEM monitoring
- Automatic DDoS protection
- Multi-zone redundancy
5. 5. Application Security
- Integrated Secure SDLC
- Mandatory code review
- Automatic SAST/DAST
- Annual penetration testing
- Continuous vulnerability scanning
6. 6. Incident Response
Complete plan: Detection → Analysis → Containment → Eradication → Recovery → Lessons learned
Notifications per GDPR Art. 33-34 within 72 hours.
7. 7. Vulnerability Reporting
We appreciate responsible disclosure:
- Email: contact@kallina.info (subject: "Security")
- Response within 24 hours
8. 8. Contact
MEGA PROMOTING S.R.L.
IDNO: 1019600021765
Email: contact@kallina.info
Phone: +373 61 066 888
Questions About This Policy?
If you have any questions about this security policy, please contact us.
contact@kallina.info