Security Policy

Our Commitment to Security

At Kargoship, security is not an afterthought—it's built into everything we do.

Overview

This Security Policy outlines our approach to securing our systems, data, and communications. It reflects our commitment to implementing industry best practices and aligning with frameworks such as the NIST Cybersecurity Framework.

Website Security Measures

Our website implements several security measures to protect visitors:

  • HTTPS Encryption: All communications with our website are encrypted via HTTPS
  • Security Headers: We implement comprehensive security headers to prevent common web vulnerabilities
  • Content Security Policy: We restrict the sources of content that can be loaded on our pages
  • Cookie-Free Approach: Our website operates without cookies, enhancing privacy and security
  • Regular Updates: We keep all components and dependencies up-to-date with security patches
  • Minimal Data Collection: We only collect information voluntarily provided via email

Vulnerability Reporting

If you discover a security vulnerability on our website or in our services, we encourage you to report it to us responsibly:

  1. Email your findings to [email protected] with "Security Vulnerability" in the subject line
  2. Provide sufficient information for us to reproduce and address the issue
  3. Allow reasonable time for us to address the vulnerability before public disclosure

We commit to acknowledging reports within 48 hours and providing regular updates on our progress in addressing valid security concerns.

NIST Framework Alignment

Our security practices align with the NIST Cybersecurity Framework's core functions:

  • Identify: We maintain an inventory of systems and assess risks regularly
  • Protect: We implement protective technologies and awareness training
  • Detect: We employ monitoring systems to identify security events
  • Respond: We have procedures in place to address detected security incidents
  • Recover: We maintain recovery plans to restore capabilities after incidents

Secure Development Practices

We adhere to secure development practices including:

  • Regular security training for all developers
  • Static and dynamic code analysis
  • Regular security testing and vulnerability scanning
  • Third-party dependency monitoring
  • Secure code review processes

Compliance

Our security practices are designed to comply with relevant standards and regulations, including:

  • GDPR (General Data Protection Regulation)
  • NIST Cybersecurity Framework
  • OWASP Top 10 security risks

Contact Us

For any questions regarding our security practices or to report a security concern, please contact us at:

Email: [email protected]

Last Updated: March 16, 2025