Information Security Policy

Last updated: January 2026

This Information Security Policy outlines how Crowd Challenge protects all user data, system resources, digital assets, and confidential information. Our goal is to ensure confidentiality, integrity, and availability of all information stored or processed within the platform.

1. Purpose

This policy is to:

  • Protect user information from unauthorized access
  • Ensure secure handling of data and transactions
  • Maintain trust and transparency with users
  • Prevent data loss, misuse or corruption
  • Establish a standard for internal security practices

2. Scope

This policy applies to:

  • All users of Crowd Challenge app
  • All employees, contractors and developers associated with the platform
  • All data stored on servers, cloud services, and internal systems
  • All third-party services integrated with the app

3. Core Security Principles

Crowd Challenge follows these security principles:

3.1 Confidentiality

Only authorized persons can access confidential or sensitive data.

3.2 Integrity

Data must remain accurate, unaltered, and protected from unauthorized modification.

3.3 Availability

Services and data must be available to users whenever needed, without unnecessary interruptions.

4. Data Protection Measures

We apply multiple layers of security to protect all information.

4.1 Encryption

  • Data in transit is protected with HTTPS/SSL encryption
  • Sensitive data is stored in encrypted form

4.2 Access Control

  • Role-based access management
  • Multi-factor authentication for administrative accounts
  • Limited access for developers and staff

4.3 Server & Infrastructure Security

  • Regular security updates and patches
  • Firewall and intrusion detection systems
  • Secure cloud infrastructure with backup solutions

4.4 Monitoring & Auditing

  • Continuous activity monitoring
  • Log analysis for suspicious behavior
  • Monthly security audits

5. User Responsibilities

To maintain security, users must:

  • Use strong passwords
  • Keep login details confidential
  • Report suspicious activity immediately
  • Avoid sharing account access with others

6. Developer & Staff Responsibilities

All internal team members must:

  • Follow secure coding practices
  • Use verified and secure third-party tools
  • Participate in regular security training
  • Maintain confidentiality of all user and system data

7. Incident Response

If a security incident occurs:

  • Incident is detected and logged
  • Threat is analyzed and contained
  • Affected systems are secured and restored
  • Users will be notified if their data is impacted
  • A full investigation and corrective action will follow

8. Data Backup & Recovery

We perform:

  • Regular automatic backups
  • Encrypted backup storage
  • Disaster recovery procedures to ensure service continuity

9. Third-Party Security

All third-party services (payment gateways, cloud providers, ad networks) must meet security standards including:

  • Compliance with international security practices
  • Secure data handling policies
  • Encrypted communication

We do not partner with services that lack proper security certifications.

10. Policy Review & Updates

This policy may be updated:

  • Annually
  • When new security threats arise
  • When system upgrades require changes

Users will be notified in-app if major changes occur.

Crowd Challenge is committed to maintaining the highest level of security for our users and protecting all information with care.

11. Contact Information

For questions or concerns about information security:

Address: Jhapa, Nepal

← Back to Home