Security at Legitopedia

Protecting trust with real security.

At Legitopedia, transparency and security go hand-in-hand. We’re committed to protecting your personal data, your account, and the integrity of the Legitopedia platform. This policy outlines the security measures we take, how we manage vulnerabilities, and what you can do to keep your information safe.

It complements our Privacy Policy and Terms of Use.

Our Security Commitments

We take the following actions to secure our systems, data, and users:

Encryption

  • All data is encrypted in transit using HTTPS (TLS).
  • Sensitive data (such as login credentials) is hashed and stored securely.
  • We use TLS 1.2+ and HSTS enforcement sitewide.

Infrastructure & Hosting

  • We host our services on modern cloud infrastructure (e.g., AWS, Google Cloud) with physical and digital security standards.
  • Firewalls, access controls, and monitoring systems are always active.

Authentication

  • Strong password policies are enforced.
  • Optional Two-Factor Authentication (2FA) is available for all users.
  • Account lockout and rate limiting help prevent brute-force attacks.

Code & Platform Security

  • Frequent security audits and vulnerability scans
  • Continuous integration/deployment pipelines with safety checks
  • Regular penetration testing and code review processes
  • Secure development lifecycle (SDLC) best practices followed

Monitoring & Incident Response

  • 24/7 automated monitoring of suspicious activity
  • Real-time alerts for critical failures, anomalies, or traffic spikes
  • Defined incident response procedures and escalation timelines

What You Can Do to Stay Safe

Security is a shared responsibility. Here are tips to protect your Legitopedia account:

  • Use a strong, unique password
  • Enable 2FA on your account
  • Never share your login details
  • Be cautious of phishing attempts (we will never ask for your password)
  • Report suspicious activity immediately

If you believe your account has been compromised, contact [email protected] immediately.

Reporting Vulnerabilities (Bug Bounty)

We welcome responsible disclosure of security vulnerabilities.

If you’ve found a flaw in our systems, please report it privately so we can investigate and resolve it promptly.

  • Email: [email protected]
  • Include: A clear description, steps to reproduce, and (if applicable) screenshots or code examples
  • We do not support: Public disclosures prior to a fix, automated scanning reports without proof-of-concept, or social engineering attempts

We will:

  • Acknowledge your report within 48 hours
  • Investigate and verify the issue
  • Update you on resolution progress
  • Credit you (if requested) on our future public Hall of Thanks page

Policy Updates

As our platform evolves, so do our security measures. We update this page periodically. Check this page or our Privacy Policy for changes.

Contact

For security-related questions, concerns, or disclosures:

Email: [email protected]

Emergency contact: [email protected]