Information Security Policy

Last Updated: June 2025

1. Purpose

This document outlines the security practices and protocols implemented by SkyL4rk (Pty) Ltd to protect the data and operations of its platforms, including xCrypt.

2. Scope

This policy applies to all systems, employees, and data processing operations under the SkyL4rk umbrella.

3. Security Controls

• Encrypted data transmission using TLS 1.2+
• Secure password hashing using bcrypt
• Two-Factor Authentication (2FA) for admin users
• Role-based access control (RBAC)
• Geo-fenced administrative access
• Daily encrypted database backups

4. Incident Response

All incidents are logged and investigated within 24 hours. Critical security breaches are reported to affected clients within 72 hours as per GDPR and POPIA regulations.

5. Sub-Processor Security

SkyL4rk only uses secure cloud providers (e.g., Google Cloud Platform). Vendor agreements include confidentiality and security clauses.