General Security Policy for Plugins by Aurorem

1. Introduction

At Aurorem, we prioritize the security of our users and their data. This Security Policy outlines the measures we take across all our WordPress plugins to ensure safe, secure, and privacy-compliant experiences. By using any of our plugins, you agree to the terms of this policy.

2. Data Protection and Privacy

  • Minimal Data Collection: Our plugins collect only the data necessary to provide functionality. Typically, this includes user inputs and settings configurations but does not involve sensitive personal data (e.g., financial data, passwords).

  • Data Storage: Our plugins do not store user data unless explicitly stated. Any data that is stored is handled in accordance with security best practices and retained only for the duration required for the functionality of the plugin.

  • Data Encryption: Any data transmitted between the plugin and external services or users is encrypted using SSL/TLS protocols to prevent unauthorized interception or access.

  • User Data Privacy: We respect your privacy and do not share user data with third parties without consent, except where required by law or for integrated third-party services (e.g., email or CRM systems).

3. Access Control and User Authentication

  • Role-Based Access: Our plugins leverage WordPress’s user role system, ensuring that only authorized users can access plugin settings or perform critical actions.

  • Authentication Best Practices: We recommend the use of strong, unique passwords for your WordPress admin accounts and encourage multi-factor authentication (MFA) where possible.

4. Code Integrity and Updates

  • Secure Code Development: Our plugins are developed using secure coding practices to mitigate common vulnerabilities, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).

  • Regular Updates: We release updates for all our plugins to patch security vulnerabilities, improve functionality, and enhance overall security. Users are encouraged to keep their plugins up to date with the latest version.

  • Security Audits: Our plugins undergo routine security audits and vulnerability assessments to ensure their integrity and compliance with security standards.

5. Handling Security Vulnerabilities

  • Reporting Vulnerabilities: We encourage users and security researchers to report any security vulnerabilities they discover to our dedicated security team at [[email protected]]. We treat all reports seriously and respond promptly to resolve issues.

  • Vulnerability Response: Upon discovering a security vulnerability, we work swiftly to assess it and release a patch. Users will be notified through our usual communication channels, and updates will be pushed as soon as a fix is available.

6. Third-Party Integrations and External Services

  • Third-Party Services: Our plugins may integrate with external services (e.g., payment gateways, email systems, APIs). The security of these services is managed by their respective providers, and we advise users to ensure that they are using secure, trusted services.

  • API Security: Any API integrations with external systems must use secure authentication methods such as API keys, OAuth, or other appropriate security measures to prevent unauthorized access.

7. Security Best Practices for Users

  • Keep Plugins Updated: Always ensure that your WordPress plugins are up to date to receive the latest security patches and improvements.

  • Backup Regularly: Regular backups are essential for ensuring the safety and recovery of your WordPress site and its data.

  • Monitor Activity: We recommend monitoring login activity and other critical changes to your site to detect any unusual or unauthorized actions.

8. Compliance with Legal Regulations

  • GDPR and Data Privacy: Our plugins comply with applicable data protection regulations, including the General Data Protection Regulation (GDPR). We ensure that user data is handled in a transparent and secure manner.

  • Other Regional Laws: We are committed to ensuring compliance with other privacy and security regulations depending on the user’s location.

9. Conclusion

At Aurorem, we are committed to providing secure, reliable, and privacy-conscious solutions for WordPress users. Our security measures are constantly reviewed and improved to ensure the protection of your data and provide a safe user experience.