HomePolicySecurity Policy

Security Policy

Effective Date: Oct 2025
Last Updated: Oct 2025

At Framworq, we take data security and privacy seriously. This Security Policy outlines the measures we take to protect client data, user information, and the systems that support our AI automation and digital solutions.

Our goal is to ensure that all data handled by Framworq remains confidential, secure, and accessible only to authorized parties.

1. Overview

Framworq implements administrative, technical, and physical safeguards to maintain the integrity, confidentiality, and availability of data processed through our systems.
We regularly assess our infrastructure and workflows to ensure compliance with international security standards and best practices.

2. Data Protection Principles

Our approach to data protection is guided by the following principles:

  • Data is collected and processed only for legitimate business purposes.

  • Access to data is restricted based on the principle of least privilege.

  • All client data is handled confidentially and securely.

  • Data retention is limited to what is necessary for service delivery and legal compliance.

  • Systems and processes are continuously monitored and improved for security.

3. Access Control

We enforce strict access control policies across all internal systems.

  • Only authorized personnel with a business need can access client data.

  • Role-based permissions are used to limit access to sensitive information.

  • Multi-factor authentication (MFA) is implemented where applicable to strengthen user verification.

  • Access logs are monitored and reviewed regularly to detect unauthorized attempts.

4. Data Storage and Encryption

All client and user data are stored on secure servers with restricted access.

  • Sensitive information transmitted between our systems and external services is encrypted using SSL/TLS protocols.

  • Stored data is protected using encryption mechanisms provided by our hosting and service partners.

  • Backups are performed regularly to ensure data integrity and recovery capability.

We work only with reputable hosting and cloud service providers that maintain high security standards and comply with international data protection regulations.

5. Network and Infrastructure Security

Framworq’s systems are hosted on secure environments with continuous monitoring.

  • Firewalls and intrusion detection systems are employed to prevent unauthorized access.

  • Software and server components are updated regularly to mitigate vulnerabilities.

  • Periodic vulnerability assessments and performance audits are conducted.

  • All third-party integrations are reviewed for security compliance before deployment.

6. Application Security

We follow secure development and testing practices for all automation workflows and software configurations.

  • Code reviews and testing are performed before production release.

  • Sensitive data, such as API keys or tokens, are stored securely and never shared publicly.

  • Environments are separated for development, testing, and production to reduce risk.

  • Logs are maintained for operational and security monitoring.

7. Third-Party Services and Integrations

Framworq integrates with third-party applications and APIs (such as Google, OpenAI, Zapier, Slack, and others) to deliver automation solutions.
While these platforms have their own security measures, Framworq:

  • Evaluates third-party partners for reliability and compliance.

  • Limits the scope of data shared with third-party tools to only what is necessary for workflow functionality.

  • Ensures that external connections are made over secure, encrypted channels.

We are not responsible for vulnerabilities or breaches occurring within third-party systems that are outside our operational control.

8. Client Responsibilities

To maintain a secure working relationship, clients also play a role in protecting their data.
We advise clients to:

  • Keep account credentials, API keys, and passwords confidential.

  • Revoke or rotate tokens periodically to minimize unauthorized access risk.

  • Notify Framworq immediately if any unauthorized activity is detected.

  • Avoid sharing confidential data through unencrypted or unsecured channels.

9. Incident Response

In the event of a suspected or confirmed security incident:

  • Framworq will promptly investigate the issue.

  • Impacted systems will be isolated to contain the incident.

  • Clients whose data may be affected will be notified as soon as possible.

  • Root cause analysis will be conducted, and corrective actions will be implemented to prevent recurrence.

We maintain an internal response plan to ensure timely communication and resolution of all security matters.

10. Data Retention and Disposal

Framworq retains client data only for as long as necessary to fulfill the purpose for which it was collected.
When data is no longer required:

  • It is securely deleted or anonymized.

  • Backup copies are removed during routine archival cleanup.

  • Access permissions are revoked for inactive accounts or completed projects.

11. Compliance and Standards

Framworq aligns its security and privacy practices with globally recognized frameworks and local data protection laws, including:

  • General Data Protection Regulation (GDPR)

  • Personal Data Protection Act (PDPA) Malaysia

  • California Consumer Privacy Act (CCPA)

  • Industry best practices for secure automation and cloud management

Our vendors and service partners are expected to maintain equivalent security and compliance standards.

12. Employee Awareness and Training

All team members and contractors undergo security awareness training during onboarding and periodically thereafter.
Training covers:

  • Safe data handling practices

  • Identifying phishing and social engineering attacks

  • Proper use of internal systems and credentials

  • Reporting procedures for security incidents

Employees are required to adhere to our confidentiality and acceptable use policies at all times.

13. Continuous Improvement

Framworq regularly reviews and updates its security measures to stay aligned with evolving threats, technologies, and compliance requirements.
Security audits and assessments are part of our ongoing commitment to safeguarding client and user data.

14. Contact Us

If you have questions or concerns about our Security Policy or wish to report a potential vulnerability, please contact us at:
Email: hello@framworq.com
Website: https://framworq.com

Contact