{% extends "base.html" %}

{% block title %}Security Policy - MyWebdav{% endblock %}

{% block description %}Security Policy for MyWebdav cloud storage service.{% endblock %}

{% block extra_css %}
<style>
.legal-content {
    max-width: 900px;
    margin: 0 auto;
    padding: 3rem 2rem;
    background: white;
    border-radius: 8px;
}

.legal-title {
    font-size: 2.5rem;
    font-weight: 700;
    color: #1565c0;
    margin-bottom: 1rem;
    padding-bottom: 1rem;
    border-bottom: 3px solid #1976d2;
}

.legal-updated {
    color: #666;
    font-style: italic;
    margin-bottom: 2rem;
}

.legal-content h2 {
    font-size: 1.75rem;
    color: #333;
    margin-top: 2rem;
    margin-bottom: 1rem;
    padding-bottom: 0.5rem;
    border-bottom: 2px solid #e0e0e0;
}

.legal-content h3 {
    font-size: 1.25rem;
    color: #555;
    margin-top: 1.5rem;
    margin-bottom: 0.75rem;
}

.legal-content p {
    line-height: 1.8;
    color: #555;
    margin-bottom: 1rem;
}

.legal-content ul {
    margin-left: 2rem;
    margin-bottom: 1rem;
}

.legal-content li {
    margin-bottom: 0.5rem;
    line-height: 1.6;
    color: #555;
}

.legal-content strong {
    color: #333;
    font-weight: 600;
}

.legal-contact {
    margin-top: 3rem;
    padding: 2rem;
    background: #f5f5f5;
    border-radius: 8px;
    border-left: 4px solid #1976d2;
}

.legal-contact h3 {
    color: #1565c0;
    margin-top: 0;
}

@media (max-width: 768px) {
    .legal-title {
        font-size: 2rem;
    }

    .legal-content {
        padding: 2rem 1rem;
    }
}
</style>
{% endblock %}

{% block content %}
<div class="legal-content">
    <h1 class="legal-title">Security Policy</h1>
    <p class="legal-updated">Last Updated: November 16, 2025</p>

    
<h2>1. Introduction</h2>

<h3>1.1 Purpose</h3>
<p>This policy establishes the framework for securing our cloud storage platform and ensures all personnel understand their security responsibilities.</p>

<h3>1.2 Scope</h3>
<p>Applies to all employees, contractors, systems, and data managed by MyWebdav Technologies.</p>

<h2>2. Governance and Management</h2>

<h3>2.1 Information Security Management System (ISMS)</h3>
<p>We maintain an ISO/IEC 27001-certified ISMS with regular risk assessments, audits, and continuous improvement.</p>

<h3>2.2 Roles and Responsibilities</h3>
<ul>
    <li><strong>CISO:</strong> Oversees security program</li>
    <li><strong>Security Team:</strong> Implements controls and responds to incidents</li>
    <li><strong>Employees:</strong> Follow policies and report incidents</li>
    <li><strong>Management:</strong> Provides resources and enforces compliance</li>
</ul>

<h2>3. Access Control</h2>

<h3>3.1 Access Management</h3>
<p>Access follows the principle of least privilege with multi-factor authentication required for administrative access.</p>

<h3>3.2 User Authentication</h3>
<p>Strong passwords, regular rotation, and account lockout policies are enforced.</p>

<h3>3.3 Remote Access</h3>
<p>Secured via VPN with full logging and monitoring.</p>

<h2>4. Data Protection and Encryption</h2>

<h3>4.1 Data Classification</h3>
<p>Data classified as Public, Internal, Confidential, or Highly Sensitive with appropriate controls.</p>

<h3>4.2 Encryption Standards</h3>
<ul>
    <li>TLS 1.3 for data in transit</li>
    <li>AES-256 for data at rest</li>
    <li>Secure key management and rotation</li>
</ul>

<h3>4.3 Data Retention and Disposal</h3>
<p>Data retained only as necessary with secure deletion methods.</p>

<h2>5. Network Security</h2>

<h3>5.1 Network Segmentation</h3>
<p>Isolated networks with firewalls, IDS, and regular monitoring.</p>

<h3>5.2 Secure Configuration</h3>
<p>Hardened systems following CIS Benchmarks.</p>

<h2>6. Physical Security</h2>

<h3>6.1 Facility Access</h3>
<p>Controlled access to data centers with biometric authentication.</p>

<h3>6.2 Equipment Security</h3>
<p>Secure storage in climate-controlled environments.</p>

<h2>7. Incident Response</h2>

<h3>7.1 Incident Response Plan</h3>
<p>Comprehensive plan for identification, containment, eradication, recovery, and notification.</p>

<h3>7.2 Breach Notification</h3>
<p>Incidents reported within 72 hours (GDPR) or 24 hours (NIS2) as applicable.</p>

<h2>8. Secure Development</h2>

<h3>8.1 Secure Coding Practices</h3>
<p>Code reviews, static/dynamic analysis, and vulnerability management.</p>

<h3>8.2 Change Management</h3>
<p>Formal approval processes for production changes.</p>

<h2>9. Third-Party Risk Management</h2>

<h3>9.1 Vendor Assessment</h3>
<p>Security assessments and contractual requirements for all vendors.</p>

<h2>10. Compliance and Auditing</h2>

<h3>10.1 Regulatory Compliance</h3>
<p>Compliance with GDPR, NIS2, and ISO/IEC 27001.</p>

<h3>10.2 Audits and Assessments</h3>
<p>Annual audits, quarterly penetration testing, and continuous monitoring.</p>

<h3>10.3 Training</h3>
<p>Mandatory annual security training for all personnel.</p>

<h2>11. Enforcement</h2>
<p>Compliance is mandatory. Violations may result in disciplinary action up to termination.</p>


    <div class="legal-contact">
        <h3>Contact Information</h3>
        <p>If you have any questions about this security policy, please contact us:</p>
        <ul>
            <li><strong>Email:</strong> <a href="mailto:legal@mywebdav.eu">legal@mywebdav.eu</a></li>
            <li><strong>Website:</strong> <a href="https://mywebdav.eu">https://mywebdav.eu</a></li>
            <li><strong>Address:</strong> MyWebdav Technologies, European Union</li>
        </ul>
    </div>
</div>
{% endblock %}