1. Introduction
At Composeright, we take the security of our customers’ data seriously. This Security Policy outlines the measures we implement to protect your information and ensure the integrity, confidentiality, and availability of our services.
2. Security Commitment
We are committed to maintaining a secure cloud environment and continuously improving our security posture. Our security policies and controls are guided by industry-recognized frameworks, including:
These frameworks influence our technical controls, development lifecycle, and operational practices.
3. Data Protection and Privacy
We apply robust data protection practices to safeguard your personal and organizational data:
Encryption in Transit and at Rest: All data is encrypted using TLS 1.2+ during transit and AES-256 at rest.
Data Isolation: Customer data is logically segregated in our multi-tenant architecture.
Access Control: Role-based access controls (RBAC) are enforced using least privilege principles.
For more information, please refer to our Privacy Policy.
4. Application Security
We incorporate secure development lifecycle (SDLC) practices to proactively manage risks:
Regular code reviews and security audits
Automated and manual vulnerability scanning (e.g., Static and Dynamic Application Security Testing – SAST, DAST)
Penetration testing by independent third-party security firms
Input validation, rate limiting, and secure authentication mechanisms
5. Identity and Access Management
We protect user and administrative access with multiple layers of defense:
Strong password policies and secure password hashing
Multi-factor authentication (MFA)
Session expiration and IP-based access restrictions
6. Infrastructure and Network Security
Our platform is hosted on AWS and Azure, both of which provide robust cloud security controls. We implement:
Network segmentation via virtual private clouds (VPCs) and firewalls
Intrusion detection and prevention systems (IDS/IPS)
24/7 infrastructure monitoring and alerting
Regular system patching and security updates
7. Monitoring and Incident Response
We continuously monitor our environment and maintain a formal incident response plan:
Real-time system and application logging
Automated threat detection and anomaly alerts
A documented incident response plan (IRP) with root cause analysis and post-incident reviews
8. Business Continuity and Disaster Recovery
We design for resilience to minimize disruptions:
Daily encrypted backups stored across multiple geographic locations
High-availability architecture with automated failover
SLA-backed uptime guarantees (e.g., 99.9%)
9. Employee Security Practices
We enforce rigorous internal security standards for personnel:
Background checks for staff with access to sensitive systems
Secure device policies including VPN use, endpoint security, and mandatory MFA
Immediate access revocation during employee offboarding
10. Compliance and Regulatory Alignment
We operate in alignment with globally recognized standards and comply with applicable regulations, including:
GDPR (General Data Protection Regulation)
CCPA (California Consumer Privacy Act)
Australian Privacy Act
11. Vulnerability Disclosure
We support responsible disclosure and value contributions from the security community. If you discover a vulnerability, please contact us at: support@write.studio.
We aim to respond within 3 business days and appreciate your efforts to keep our systems secure.
12. Contact Us
Composeright Pty Ltd
PO Box 151, Buderim, Qld 4556, AUSTRALIA
Email: support@write.studio
Last updated: 27 July 2025