Effective date: 17 July 2026
KVM Service treats security as an ongoing responsibility across design, development, deployment, maintenance, and customer support.
1. Scope — This policy describes our general safeguards for kvmservice.com and systems operated by KVM Service; project-specific controls are defined by contract.
2. Secure development — We apply appropriate design review, input validation, output handling, authentication, authorisation, testing, and controlled deployment practices.
3. Access control — Administrative access is restricted to authorised people and services using least-privilege permissions and reviewed access where practical.
4. Credentials and secrets — Passwords, keys, and tokens must be protected, rotated when necessary, and never committed to public source code or shared insecurely.
5. Encryption — We use encrypted network connections where supported and apply suitable protection to sensitive stored information based on risk and system capability.
6. Application protection — Public and administrative functions are separated where practical, submitted data is validated, and sensitive endpoints require authentication.
7. Infrastructure — Servers and services use secure configuration, restricted network access, firewall controls, supported software, and timely security maintenance where included.
8. Dependencies — We review important software dependencies and security notices and prioritise updates according to severity, exposure, compatibility, and operational risk.
9. Monitoring and logs — Systems may record access, errors, authentication, administrative actions, and security events to support detection, investigation, and reliability.
10. Backups and recovery — Where included in service scope, backups are protected, retention is controlled, and restoration procedures are periodically reviewed or tested.
11. Data minimisation — We seek to collect only necessary information, restrict access, and retain it only for operational, contractual, security, and legal purposes.
12. Service providers — Hosting, email, database, storage, and other providers are selected according to business needs and are given only the access reasonably required.
13. Incident response — We assess credible incidents, contain risk, preserve relevant evidence, remediate appropriately, and notify affected parties when legally or contractually required.
14. Responsible disclosure — Report suspected vulnerabilities privately to [email protected] with the affected service, description, reproduction steps, and evidence; do not access unrelated data or disrupt service.
15. Limitations and updates — No security programme eliminates every risk. Controls vary by project scope, and this policy may be updated as technology, threats, and obligations change.
KVM Service is online
How can we help?
Tell us what you are building. A product specialist usually replies within a few minutes during business hours.