Security Practices & Responsible Disclosure

At TheHackitect Solutions, security isn't an afterthought — it's foundational to everything we build and deliver. We follow industry best practices and continuously improve our security posture.

Our Security Practices

  • Encryption: End-to-end encryption (TLS 1.3) for all data in transit; AES-256 encryption for data at rest
  • Authentication: Multi-factor authentication (MFA) for all internal systems; bcrypt password hashing with 12+ rounds
  • Code Security: OWASP Top 10 compliance in all web applications; automated static analysis (SAST) and dependency scanning
  • Infrastructure: Regular security audits and penetration testing; zero-trust network architecture; least-privilege access controls
  • Monitoring: 24/7 real-time threat monitoring; automated alerting for suspicious activity; comprehensive audit logging
  • Updates: Regular dependency updates and vulnerability scanning; automated patch management for critical vulnerabilities
  • Training: Annual security awareness training for all team members; secure coding practices training for developers

Compliance

We design our solutions with compliance in mind, including the Nigeria Data Protection Regulation (NDPR), the Payment Card Industry Data Security Standard (PCI DSS) where applicable, and international best practices for data handling.

Responsible Disclosure

If you discover a security vulnerability in any of our systems or products, we encourage responsible disclosure:

  1. Email your findings to security@thehackitectsolutions.com
  2. Include detailed steps to reproduce the vulnerability
  3. Allow us reasonable time (90 days) to address the issue before public disclosure
  4. Do not access, modify, or delete data belonging to other users

We appreciate security researchers who help us maintain the safety and integrity of our systems. Responsible reporters will be acknowledged (with permission) in our security hall of fame.

Incident Response

In the event of a security incident, we will:

  • Investigate and contain the incident within 4 hours
  • Notify affected parties within 72 hours as required by law
  • Conduct a thorough post-incident review
  • Implement corrective measures to prevent recurrence