At Shopyly, a subsidiary of CodeXel FZ LLC, security isn’t just a feature – it’s fundamental to everything we do. We understand that our clients trust us with their business operations and sensitive data, and we take this responsibility seriously. Our security program is built on multiple layers of protection, continuous monitoring, and regular updates to address evolving threats.
Infrastructure Security
Our infrastructure is built with security at its core. We use enterprise-grade encryption for all data, both in transit and at rest. All data transmitted between our servers and clients is protected using the TLS 1.3 protocol, while stored data is secured using AES-256 encryption. Our systems operate behind multi-layered firewalls and include sophisticated DDoS mitigation to ensure continuous service availability.
We partner with ISO 27001 certified data centers that maintain the highest standards of physical and network security. These facilities implement multiple redundancy layers and automatic failover systems to prevent data loss and ensure service continuity. Our backup procedures include regular encrypted off-site storage, providing an additional layer of data protection.
Access Management
We implement strict access controls throughout our organization. Every account access requires two-factor authentication (2FA), and we enforce strong password policies across all systems. Our role-based access control (RBAC) ensures that team members only have access to the resources necessary for their work, following the principle of least privilege.
All administrative actions are carefully logged and regularly audited. We conduct periodic access reviews to ensure that permissions remain appropriate and revoke unnecessary access promptly. Session management includes automatic timeouts and IP-based restrictions where appropriate, adding another layer of security to our access controls.
Operational Security
Our security operations center maintains 24/7 monitoring of all systems. We employ automated vulnerability scanning and intrusion detection systems to identify and respond to potential threats quickly. Regular security patches and updates are applied across our infrastructure to maintain the highest security standards.
In our development processes, security is integrated from the ground up. Our secure development lifecycle includes mandatory code reviews, automated security testing in our CI/CD pipeline, and regular security training for our development team. This ensures that security best practices are followed at every stage of development.
Incident Response and Recovery
Because even the best preventive measures can fail, we maintain comprehensive incident response capabilities. Our dedicated incident response team follows documented procedures for handling security events, with clear escalation paths and notification protocols. We conduct regular drills to ensure our team is prepared to respond effectively to any security incident.
Our business continuity and disaster recovery procedures are regularly tested and updated. These plans ensure that we can maintain or quickly restore services in the event of any disruption, while protecting the security and integrity of our clients’ data throughout the process.
Compliance and Standards
We adhere to internationally recognized security standards and maintain compliance with key regulations including PCI DSS, GDPR, and UAE Data Protection Law. Our systems and processes are aligned with ISO 27001 standards, demonstrating our commitment to information security best practices.
Client Security Responsibilities
Security is a shared responsibility. We provide our clients with the tools and guidance necessary to maintain secure operations. This includes recommendations for strong password practices, two-factor authentication setup, and secure data handling procedures. We encourage clients to regularly review their security settings and authorized users, and to promptly report any suspicious activities.
Third-Party Security
Our commitment to security extends to our relationships with third-party vendors and partners. We conduct regular security assessments of our vendors and maintain strict data processing agreements. All integrations are regularly tested and monitored to ensure they meet our security standards.
Security Communications
For security-related matters, you can reach our security team at [email protected]. For reporting security issues, please contact [email protected]. We respond to all security reports within 24 hours, and encrypted communication channels are available for sensitive information.
Policy Updates
This security policy is reviewed and updated regularly to reflect changes in our security practices and emerging threats. We notify clients of significant changes to our security procedures and welcome feedback on our security practices.