This Security Policy describes the technical and organisational measures implemented by Tavrion Ltd («Company», «we», «our», «us») to ensure the confidentiality, integrity, and availability of data processed through our website https://tavrion.net/ and in connection with our professional services.

Tavrion Ltd is a company registered in Northern Ireland under company number NI734857, with its registered office at Office 1404, 92 Castle Street, Belfast, BT1 1HE, NORTHERN IRELAND. The Company operates within the scope of specialised design activities (74100), other business support service activities (82990), and other professional service activities (96090).
 We recognise the importance of information security in the provision of UX/UI design, digital consulting, business advisory, and related services. We are committed to implementing appropriate safeguards to prevent unauthorised access, disclosure, alteration, or destruction of information.

  1. Information Security Governance

Information security is managed through internal policies, procedures, and accountability structures. The Director of Tavrion Ltd maintains oversight of data protection and security practices to ensure compliance with UK GDPR, the Data Protection Act 2018, and relevant industry standards.

 Security responsibilities are clearly defined within the organisation, and access to sensitive systems is granted strictly on a need-to-know basis.

   2. Technical Safeguards

 A. Encryption

 All sensitive data transmitted between users and our Website is protected using Secure Socket Layer (SSL) or Transport Layer Security (TLS) encryption protocols. Where applicable, data at rest is protected through encryption mechanisms provided by secure hosting providers.

 B. Access Control

 Access to internal systems, design files, client documentation, and infrastructure components is restricted to authorised personnel. Authentication mechanisms include strong password requirements and multi-factor authentication for administrative access.

 C. Network Security

 We employ firewalls, intrusion detection systems, and network monitoring tools to safeguard digital infrastructure. These measures are designed to identify, prevent, and respond to potential threats.

 D. Secure Hosting

 Our digital infrastructure is hosted in secure data centres that adhere to recognised industry standards for physical and environmental security. Hosting providers are selected based on demonstrated compliance with security best practices.

 E. Patch and Update Management

 We maintain an active update process to ensure that software, plugins, frameworks, and infrastructure components are regularly patched and updated to address known vulnerabilities.

   3. Application Security

 As a provider of digital design and consulting services, we apply secure development principles when delivering digital assets and recommendations.

 A. Secure Development Practices

 Where development services are provided, we follow secure coding standards and industry best practices to minimise vulnerabilities.
 
 B. Code Review and Testing

 Design deliverables and digital assets are reviewed for integrity and security considerations prior to transfer to clients. Testing may include validation of secure configuration where applicable.

 C. Vulnerability Monitoring

 We periodically assess systems for vulnerabilities and address identified risks in a timely manner.

   4. Data Minimisation and Protection

 We collect and process only the personal data necessary to fulfil contractual and legal obligations. Data minimisation principles are applied across all services, including UX/UI consulting and business support activities.

 Personal data is retained only for the duration necessary to fulfil the intended purpose and in accordance with legal requirements.

   5. Organisational Measures

 A. Confidentiality Agreements

 All personnel and contractors with access to sensitive information are subject to confidentiality obligations.

 B. Security Awareness Training

 Security awareness guidance is provided to ensure personnel understand best practices for data handling, phishing awareness, and secure system usage.

 C. Incident Response Procedures
 
 We maintain procedures to identify, manage, and mitigate information security incidents. These procedures include detection, containment, investigation, remediation, and documentation.

   6. Data Breach Management
 
 In the event of a personal data breach, Tavrion Ltd will:

 — Investigate and assess the nature and scope of the breach;
 — Take immediate action to contain and mitigate potential impact;
 — Notify affected individuals where required;
 — Report to the Information Commissioner’s Office within 72 hours where legally mandated.

   7. Third-Party Service Providers

 We may engage third-party providers to support hosting, analytics, payment processing, or infrastructure services. All third-party providers are subject to due diligence processes and contractual safeguards to ensure compliance with applicable security and data protection requirements.

 We require third-party processors to implement technical and organisational measures equivalent to those maintained by Tavrion Ltd.

   8. Physical Security

 Where applicable, physical access to systems and work devices is controlled through secure environments. Devices containing sensitive information are protected through password controls and encryption.

   9. Business Continuity and Disaster Recovery

 We implement reasonable measures to ensure continuity of operations, including secure backups and recovery procedures. Backup data is stored securely and tested periodically to ensure recoverability.

   10. User Responsibilities

 Clients and Website users are responsible for maintaining the security of their own systems and credentials. Users must:

 — Use strong and unique passwords;
 — Protect login credentials from unauthorised disclosure;
 — Notify us promptly of suspected security concerns.

 The Company shall not be liable for security incidents resulting from user negligence or third-party compromise beyond our control.

   11. Continuous Improvement

 Information security is an ongoing process. Tavrion Ltd regularly reviews and enhances its security measures in response to evolving threats, technological developments, and regulatory requirements.

   12. Policy Updates

 This Security Policy may be updated periodically to reflect changes in operational practices or legal obligations. Updated versions will be published on https://tavrion.net/ with a revised Effective Date.

 Continued engagement with our services constitutes acceptance of any revised policy.

   13. Contact Information

 Tavrion Ltd
 Company Registration Number: NI734857
 Registered Office: Office 1404, 92 Castle Street, Northern Ireland, Belfast, BT1 1HE, NORTHERN IRELAND
 Director: Vorobei Yevheniia
 Email: tavrioncompany@gmail.com
 Website: https://tavrion.net/

 For security-related enquiries or to report a potential vulnerability, please contact us using the details above.