Start Your Research
Back to Home

Legal

Security

Last updated: February 24, 2026

Overview

At DeepValue, protecting the data you entrust to us is a core responsibility. This page describes the technical and organisational measures we have in place to keep your account, personal data, and research activity secure.

Security is an ongoing commitment. We continuously review and improve our practices as threats evolve and as we grow. If you discover a vulnerability, please see our Vulnerability Disclosure section below.

Data Encryption

In transit

All communication between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across the entire https://www.deepvalue.tech domain and use HTTP Strict Transport Security (HSTS) to prevent downgrade attacks.

At rest

Sensitive data stored in our databases — including credentials and personal information — is encrypted at rest using AES-256. Passwords are never stored in plain text; they are hashed using a strong adaptive algorithm (bcrypt) with per-user salts.

Infrastructure

  • Our platform is hosted on reputable cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications.
  • Production systems run in isolated environments separated from development and staging.
  • We use firewalls and network-level access controls to restrict traffic to only what is necessary.
  • Regular automated backups are performed with point-in-time recovery capability. Backups are encrypted and stored in geographically separate locations.
  • Our infrastructure is monitored 24/7 with automated alerting for anomalous activity.

Access Controls

  • Internal access to production data follows the principle of least privilege — team members only access what they need for their role.
  • Access to sensitive systems requires multi-factor authentication (MFA).
  • All internal access is logged and audited.
  • Access rights are reviewed regularly and revoked promptly when no longer needed (e.g., when a team member leaves).
  • We do not allow shared credentials for production system access.

Account Security

We provide the following safeguards for user accounts:

  • Passwords must meet minimum complexity requirements.
  • Failed login attempts trigger account lockout after repeated failures to prevent brute-force attacks.
  • Session tokens are rotated on login and invalidated on logout.
  • Suspicious login activity (e.g., login from a new device or location) may trigger an email notification.

Protect your account

Use a strong, unique password for your DeepValue account. Never share your credentials. If you suspect your account has been compromised, contact us immediately at klemen@deepvalue.tech.

Payment Security

We do not store, process, or transmit raw credit card data on our servers. All payment processing is handled by a PCI DSS-compliant third-party payment provider. What we store is only a tokenised reference to your payment method, never the full card details.

If you believe an unauthorised charge has occurred, contact us at klemen@deepvalue.tech immediately.

Application Security

We apply industry-standard secure development practices, including:

  • Input validation and output encoding to prevent injection attacks (SQL injection, XSS, etc.).
  • Cross-Site Request Forgery (CSRF) protection on all state-changing endpoints.
  • Security-focused HTTP response headers (Content-Security-Policy, X-Frame-Options, etc.).
  • Rate limiting on authentication endpoints and public APIs to prevent abuse.
  • Honeypot fields and timing analysis on signup forms to mitigate bot submissions.
  • Dependency scanning and regular updates to patch known vulnerabilities in third-party libraries.
  • Code review processes that include security considerations before deployment.

Incident Response

We maintain an incident response plan to ensure we can react quickly and effectively to security events:

  • Security incidents are triaged and assigned severity levels immediately upon detection.
  • Affected systems are isolated to contain the impact of a potential breach.
  • In the event of a data breach affecting your personal information, we will notify you as required by applicable law — and in any case within 72 hours of becoming aware of the incident.
  • A post-incident review is conducted after every significant security event to identify root causes and prevent recurrence.

Vulnerability Disclosure

Found a security issue?

We welcome responsible disclosure from security researchers. If you believe you have found a vulnerability in our platform, please report it to us privately before making any public disclosure.

To report a vulnerability, email us at klemen@deepvalue.tech with the subject line Security Vulnerability Report. Please include:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce the issue.
  • Any proof-of-concept code or screenshots (if applicable).
  • Your contact details so we can follow up.

We will acknowledge your report within 3 business days and aim to resolve confirmed vulnerabilities as quickly as possible. We ask that you:

  • Give us reasonable time to investigate and remediate before any public disclosure.
  • Avoid accessing, modifying, or deleting data that does not belong to you.
  • Not perform any actions that could degrade the availability of the Service.

We appreciate the work of the security community and will credit responsible disclosures publicly (with your permission) after a fix is in place.

Contact

For any security-related questions or concerns, please contact us:

DeepValue Security

Email: klemen@deepvalue.tech

Website: https://www.deepvalue.tech