Security Overview

The security of user data is a top priority for askU. This document outlines the technical and organizational measures we take to protect your information.

1. Data Protection

• Encryption in Transit: All data transmitted between the askU app and our servers is encrypted using standard TLS 1.2+ protocols.
• Encryption at Rest: Sensitive data stored in our databases is encrypted at rest using industry-standard AES-256 encryption.

2. Authentication

We utilize secure authentication mechanisms to verify user identity. We integrate with Denison University's official Single Sign-On (SSO) infrastructure where possible, meaning we do not store your university passwords directly.

3. Access Controls

We follow the principle of least privilege. Access to production data is restricted to a small number of authorized engineering personnel who require it for maintenance or debugging purposes. All access is logged and monitored.

4. Monitoring

We maintain logs of system activity to detect and respond to potential security incidents. These logs are reviewed regularly for anomalies.

5. Vulnerability Reporting

We value the contributions of the security research community. If you believe you have found a security vulnerability in askU, please report it to us immediately.

Security Contact: security@asku.app

6. Incident Response

We maintain an internal incident response plan to address security events promptly. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable laws.

For general questions about our security practices, please contact support@asku.app.