SECURITY POLICY


Effective Date: January 1, 2024


THIS SECURITY POLICY DESCRIBES THE SECURITY MEASURES IMPLEMENTED BY SUPREME.PM, INC. ("COMPANY," "WE," "US," OR "OUR") TO PROTECT USER INFORMATION AND SYSTEM INTEGRITY.


1. SECURITY COMMITMENT


1.1 Reasonable Measures. We implement commercially reasonable security measures appropriate to the nature of the information we collect and the services we provide.


1.2 No Guarantee. NO SECURITY SYSTEM IS IMPENETRABLE. WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION OR OUR SYSTEMS.


1.3 Shared Responsibility. Security requires cooperation between Supreme.PM and users. You are responsible for maintaining the confidentiality of your credentials and for activities under your account.


2. TECHNICAL SAFEGUARDS


2.1 Encryption

  • **Data at Rest:** AES-256 encryption
  • **Data in Transit:** TLS 1.3 or higher
  • **Key Management:** Industry-standard key rotation and storage

2.2 Access Controls

  • Multi-factor authentication available
  • Role-based access controls
  • Session management with automatic timeout
  • Password complexity requirements

2.3 Infrastructure Security

  • Firewalls and intrusion detection systems
  • DDoS mitigation
  • Regular security patches and updates
  • Isolated production environments

3. OPERATIONAL SECURITY


3.1 Monitoring. We maintain logs and monitoring systems to detect potential security incidents.


3.2 Incident Response. We maintain incident response procedures to address potential security breaches.


3.3 Vendor Management. We require service providers to maintain appropriate security measures through contractual obligations.


3.4 Employee Access. Access to user information is limited to employees who require it for business purposes and are bound by confidentiality obligations.


4. COMPLIANCE


4.1 Standards. We strive to align our security practices with industry standards and best practices.


4.2 Audits. We conduct periodic security assessments to evaluate and improve our security posture.


4.3 Legal Compliance. We comply with applicable laws and regulations regarding data security.


5. USER RESPONSIBILITIES


To help protect your account, you should:

  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Keep login credentials confidential
  • Report suspicious activity immediately
  • Keep your devices and software updated
  • Use secure network connections

6. PROHIBITED ACTIVITIES


You agree not to:

  • Attempt to gain unauthorized access to any systems
  • Probe, scan, or test vulnerabilities
  • Circumvent security measures
  • Use automated tools without permission
  • Interfere with service operation
  • Attempt to decrypt or reverse engineer

7. VULNERABILITY DISCLOSURE


7.1 Responsible Disclosure. We appreciate responsible disclosure of security vulnerabilities. Report to: [email protected]


7.2 No Legal Action. We will not pursue legal action against good-faith security researchers who:

  • Follow responsible disclosure practices
  • Do not access user data beyond necessity
  • Do not disrupt our services
  • Provide reasonable time for remediation

8. DATA BREACH NOTIFICATION


8.1 Legal Requirements. In the event of a data breach, we will comply with applicable breach notification laws.


8.2 User Notification. We will notify affected users as required by law, typically within 72 hours of discovery.


8.3 Content. Notifications will include, as applicable:

  • Nature of the incident
  • Types of information involved
  • Steps we are taking
  • Recommended user actions

9. THIRD-PARTY SECURITY


9.1 No Control. We are not responsible for the security practices of third-party websites or services.


9.2 Integration Security. We implement security measures for third-party integrations but cannot guarantee third-party security.


10. LIMITATIONS


10.1 NO WARRANTY. SECURITY MEASURES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.


10.2 ASSUMPTION OF RISK. YOU ACKNOWLEDGE THAT NO INTERNET TRANSMISSION IS COMPLETELY SECURE AND ASSUME THE RISK OF INFORMATION DISCLOSURE.


10.3 LIABILITY. OUR LIABILITY FOR SECURITY INCIDENTS IS LIMITED AS SET FORTH IN OUR TERMS OF SERVICE.


11. CHANGES TO SECURITY


We may update our security measures at any time. We will give notice of material changes that reduce protection as required by law.


12. CONTACT INFORMATION


Security Team

Supreme.PM, Inc.

Email: [email protected]


Vulnerability Reports

Email: [email protected]

Encrypt sensitive information using PGP


General Inquiries

Email: [email protected]


BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS SECURITY POLICY AND ACCEPT THE SECURITY RISKS INHERENT IN INTERNET-BASED SERVICES.