Security Policy

Version: 2026-02-20

Last updated: 2026-02-20

DarsKhana applies layered technical and operational safeguards to protect user accounts, lesson operations, and payment-related workflows.

1. Security principles

  • Least privilege and role-based access for operational users.
  • Data minimization and purpose limitation.
  • Defense in depth across application, infrastructure, and provider controls.
  • Prompt incident response and audit-oriented logging for critical events.

2. Account and authentication controls

  • Password hashing and session protections for account login flows.
  • Email verification and password reset workflows for account recovery.
  • Monitoring of suspicious login and account activity where available.

3. Payment security controls

  • Use of trusted third-party payment processors for sensitive card handling.
  • Storage of payment references/tokens and operational billing metadata, not full raw card details.
  • Safeguards around payment-method deletion when active charges/bookings still reference that method.

4. Application and platform safeguards

  • Input validation and CSRF protections on sensitive actions.
  • Operational logging for payments, scheduling, and security-relevant account actions.
  • Versioned policy acceptance tracking and auditable records.

5. Data handling and retention security

  • Restricted access to user data based on business need and role.
  • Retention controls to reduce unnecessary long-term data exposure.
  • Special handling for safeguarding and incident-related records.

6. Incident response

  • Security issues are triaged by severity and investigated with relevant logs.
  • Where required, affected users and relevant authorities are notified according to legal obligations.
  • Corrective actions may include credential resets, account restrictions, and system changes.

7. User responsibilities

  • Use strong unique passwords and protect account access.
  • Do not share login credentials.
  • Report suspicious account or payment activity immediately.

8. Reporting security concerns

If you identify a potential vulnerability or account compromise, contact Admin@darskhana.com with relevant details (time, account, and observed behavior).

