1. Our Commitment to Security

HAESUNG CONSTRUCTION, inc. is committed to protecting the security of our website, systems, and the personal information of our users. We implement reasonable security measures appropriate to the size and nature of our business to safeguard against unauthorized access and data breaches.

2. Data Protection Measures

We employ the following security measures to protect your data:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS) protocols.
• Access Controls: Role-based access controls (5-tier: Super Admin, Manager, Personnel, User, Guest) limit data access to authorized personnel only.
• Authentication: Strong password requirements protect user accounts. Email-based two-factor authentication (2FA) is available for administrator accounts.
• CSRF Protection: Cross-Site Request Forgery protection is implemented on all forms using session-based tokens.
• Input Validation: User inputs are validated and sanitized to prevent injection attacks (SQL injection, XSS).
• SVG Sanitization: Uploaded SVG files are scanned for malicious scripts before acceptance.

3. Infrastructure Security

Our current security infrastructure includes:

• HTTPS/TLS encryption for all communications
• Session-based CSRF protection
• Role-based authentication via CodeIgniter Shield
• Spam detection on user-submitted content
• File upload type and MIME validation
• Rate limiting on authentication endpoints

Planned improvements: As we grow, we plan to implement cloud-based Web Application Firewall (WAF) and DDoS protection services, automated vulnerability scanning, and enhanced monitoring capabilities.

4. Data Backup

We perform periodic backups of our database and uploaded files. We are working to implement automated daily backup procedures to ensure data can be recovered in the event of system failure or data loss.

5. Incident Response

In the event of a security incident involving personal information, we will:

1. Immediately investigate and contain the incident
2. Assess the scope and impact of the breach
3. Notify affected users in the most expedient time possible and without unreasonable delay, in accordance with applicable state and federal laws
4. Take corrective actions to prevent future occurrences
5. Cooperate with relevant authorities as needed

For Georgia residents: Notifications will be made in compliance with the Georgia Personal Identity Protection Act (O.C.G.A. § 10-1-910 et seq.).

6. Information We Collect

Our website collects limited personal information:

• Account registration: Email address and password (stored as encrypted hash)
• Contact forms: Name, email, phone number, and message content
• Comments: Author name, email, and IP address
• Visitor logs: IP address, browser type, and pages visited (for analytics)

We do not collect Social Security numbers, financial account information, or other highly sensitive personal data through this website.

7. User Responsibilities

We encourage all users to help maintain security by:

• Using strong, unique passwords for your account
• Not sharing your login credentials with others
• Logging out after each session, especially on shared devices
• Reporting any suspicious activity to our team
• Keeping your browser and operating system up to date

8. Vulnerability Reporting

If you discover a security vulnerability on our website, please report it responsibly by contacting us at info@haesung.io. We appreciate your help in keeping our systems secure and will acknowledge your report promptly.

9. Third-Party Services

We use third-party open source software (listed on our Open Source Licenses page). While we select reputable software and keep dependencies updated, we cannot guarantee the security of external services linked from our site.

10. Updates to This Policy

This Security Policy may be updated periodically to reflect changes in our security practices or legal requirements. The latest version will always be available on this page.