Kideeka – Security Policy
Effective Date: [Insert Date]
This Security Policy explains how Kideeka protects your information, keeps our platform safe, and prevents misuse. It applies to everything we do — our website, mobile apps (Android/iOS), online games, teacher tools, servers, databases, and all personal information we manage for children, parents, and teachers.
1. Our Commitment:
At Kideeka, safety is our top priority. We are committed to:
Keeping personal information secure and private.
Preventing hacking, fraud, or misuse of accounts.
Building safety into our games and tools from the start.
Responding quickly and effectively to any problems.
Giving parents, teachers, and schools full confidence in using our platform.
2. Roles and Responsibilities:
Company Leaders – Approve safety plans and provide resources for security.
Security Lead – Ensures our safety rules are followed.
Data Protection Officer (DPO) – Manages compliance with privacy laws and handles data requests.
Technical Team – Builds and maintains the platform securely.
All Staff – Follow security rules and complete regular training.
3. Risk Management:
We review risks at least annually, or sooner if needed.
New features, especially those involving children’s data, are tested for safety before launch.
We comply with Malaysia’s PDPA and relevant child-safety laws such as COPPA.
4. Secure Development:
Safety is included in the design of every new feature.
Code is scanned and tested for vulnerabilities before release.
Apps and websites are tested for common security issues (e.g., OWASP Top 10).
Emergency fixes are applied quickly if issues occur.
5. Account Protection:
Strong passwords are required for all accounts.
Multi-factor authentication (MFA) is used for parents, teachers, and admin accounts.
Accounts are logged out automatically after inactivity.
All passwords and tokens are encrypted and securely stored.
6. Data Protection:
We collect only what is necessary (nicknames used for children where possible).
All data is encrypted during storage and transmission.
Backups are encrypted and tested regularly.
Parents control permissions for voice or video features.
7. Secret Management:
No passwords or private keys are stored in our public code.
Sensitive information is stored in secure vaults with regular key rotation.
Access is limited to authorised staff only.
8. System Protection:
Sensitive systems are isolated from public networks.
Firewalls, DDoS protection, and rate-limiting prevent abuse.
Software updates and patches are applied promptly.
9. Third-Party Security:
We only work with trusted partners who pass safety checks.
Partners must follow strict security requirements.
Access is limited and monitored at all times.
10. Monitoring and Response:
Activity logs are kept securely to track important actions.
Alerts are triggered for unusual behaviour.
In case of an incident, we follow a clear response plan and notify parents and authorities where required by law.
11. Security Testing:
Independent experts review our security annually.
High-risk issues are fixed within hours or days.
Responsible bug reports can be sent to security@kideeka.com.
12. Child Safety:
Child accounts are private by default.
Public chats are off unless a parent enables them.
Teachers are verified and only access the data they need to teach.
Parents may view, update, or delete their child’s data at any time.
13. Staff Training:
All staff receive data protection and security training.
Developers are trained in secure coding practices.
Emergency drills are conducted regularly.
14. Physical Security:
Only authorised personnel can access company servers or offices.
Company devices are encrypted and password-protected.
15. Breach Notification:
If a data breach occurs, affected users will be informed.
We will explain the incident, actions taken, and steps for protection.
16. Rule Enforcement:
Staff who break security rules may face disciplinary action, including termination.
Partners who violate rules may have their contracts terminated.