Alethium is committed to protecting the confidentiality, integrity, and availability of information shared via our public website (alethium.io). This Security Policy outlines the measures we take to ensure our public-facing digital infrastructure is secure and resilient against threats. As a B2B platform built on trust — especially in the regulated supplements industry — we recognise that data protection and secure interactions are foundational to our business.
SECTION 1
Purpose
1.1
This Security Policy outlines the measures Alethium takes to ensure our public-facing digital infrastructure is secure and resilient against threats. It reflects our commitment to protecting the confidentiality, integrity, and availability of information shared via alethium.io.
SECTION 2
Scope
2.1
This policy applies to Alethium's public website and its associated services, including marketing forms, newsletters, contact interfaces, and informational content.
2.2
It does not extend to the Alethium platform used by registered buyers and sellers, which is governed by a separate platform security and data policy.
SECTION 3
Security Principles
3.1
Alethium applies the following core security principles to its public website:
- Data Minimization: We only collect essential personal data (e.g. contact form submissions) and process it in accordance with GDPR.
- Defence in Depth: Multiple layers of security controls are used to protect against unauthorised access and malicious activity.
- Proactive Monitoring: We monitor traffic and access logs to detect anomalies or potential threats.
- Continuous Improvement: Our website is reviewed and updated regularly to patch vulnerabilities and enhance resilience.
SECTION 4
Technical Safeguards
4.1
Alethium employs industry-standard technical controls, including:
- HTTPS Encryption: All data transmitted between the website and users is encrypted using TLS.
- Secure Hosting: The website is hosted with a reputable cloud provider that meets ISO/IEC 27001 and GDPR compliance standards.
- Firewall and DDoS Protection: Web traffic is filtered through a Web Application Firewall (WAF) and protected by automated denial-of-service mitigation tools.
- Security Headers: HTTP headers such as Content-Security-Policy, X-Content-Type-Options, and Strict-Transport-Security are used to guard against common vulnerabilities.
SECTION 5
Content & Form Security
- Input Validation: All user input from contact forms or newsletter subscriptions is sanitised to prevent injection attacks.
- Spam Protection: CAPTCHA and anti-bot measures are deployed to reduce spam submissions and abuse.
- File Upload Restrictions: No file uploads are permitted through the public website without explicit validation and virus scanning.
SECTION 6
Access & Change Control
- Role-Based Access: Only authorised team members may access the website's backend or make content changes.
- Version Control & Change Logging: All code and content changes are version-controlled and logged.
- Two-Factor Authentication (2FA): Administrative access to the website is protected by multi-factor authentication.
SECTION 7
Third-Party Integrations
7.1
Alethium's website may integrate third-party services such as analytics, forms, and CRM tools. These services are reviewed for security compliance and data handling practices, with preference given to EU-based or GDPR-compliant providers.
SECTION 8
Incident Response
8.1
In the event of a website-related security incident, Alethium will:
1. Investigate and contain the breach immediately.
2. Notify affected parties if applicable.
3. Report to supervisory authorities if legally required.
4. Document the incident and update security measures.
SECTION 9
User Responsibilities
9.1
Users accessing Alethium's website are encouraged to:
- Refrain from attempting unauthorised access to any part of the platform.
- Report any suspicious activity to security@alethium.io.
- Avoid submitting sensitive personal data via contact forms.
SECTION 10
Policy Review
10.1
This policy is reviewed at least annually or following any major changes to our website architecture or regulatory environment.
CONTACT
Contact
For questions related to this policy or to report a security concern, please contact us at: security@alethium.io
End of Security Policy
This policy applies to alethium.io and its associated public-facing services. For questions about how we handle personal data more broadly, please see our Privacy Policy.