Skip to main content

Security Policy

Tempory Mail's security measures, threat protection, and secure service delivery commitments

Security Policy

Last Updated: July 28, 2025

Effective Date: July 28, 2025

At Tempory Mail, we implement comprehensive security measures to maintain the highest level of user security and provide a secure temporary email service.

Our Security Commitments

Core Security Principles

  • **Defense in Depth**: Multi-layered security architecture

  • **Zero Trust**: Approach that trusts nothing by default

  • **Proactive Protection**: Detecting threats in advance

  • **Continuous Monitoring**: 24/7 security monitoring

  • **Rapid Response**: Immediate threat response

    • Security Standards

    βœ… **ISO 27001**: Information security management system

    βœ… **OWASP Top 10**: Web application security standards

    βœ… **NIST Framework**: Cybersecurity framework

    βœ… **SOC 2**: Security, availability, and privacy controls

    βœ… **PCI DSS**: Payment card data security (for advertising payments)

    Infrastructure Security

    Server Security

    #### Physical Security

  • **Secure Data Centers**: Tier 3+ data centers

  • **Access Control**: Multi-factor authentication

  • **Biometric Security**: Fingerprint and retina scanning

  • **24/7 Security**: Continuous physical security

    • #### System Security

  • **Updated Operating System**: Latest security patches

  • **Minimal Services**: Only necessary services running

  • **Firewalls**: Multi-layered firewall protection

  • **Intrusion Detection**: Attack detection systems

    • Network Security

    #### DDoS Protection

  • **Cloudflare**: Enterprise-level DDoS protection

  • **Traffic Filtering**: Automatic malicious traffic filtering

  • **Rate Limiting**: Speed limiting and traffic shaping

  • **Geographic Filtering**: Traffic blocking from risk regions

    • #### Data Encryption

  • **TLS 1.3**: Latest encryption protocol

  • **Perfect Forward Secrecy**: Session key protection

  • **HSTS**: Strict HTTPS redirection

  • **Certificate Pinning**: Certificate pinning

    • Application Security

    Web Application Protection

    #### OWASP Top 10 Protection

    1. **Injection Attacks**: SQL, NoSQL, LDAP injection protection

    2. **Broken Authentication**: Strong authentication mechanisms

    3. **Sensitive Data Exposure**: Sensitive data encryption

    4. **XML External Entities**: XXE attack protection

    5. **Broken Access Control**: Strict authorization controls

    6. **Security Misconfiguration**: Secure configuration management

    7. **Cross-Site Scripting**: XSS attack protection

    8. **Insecure Deserialization**: Secure data serialization

    9. **Known Vulnerabilities**: Current security patches

    10. **Insufficient Logging**: Comprehensive security logging

    #### Code Security

  • **Static Analysis**: Static code analysis

  • **Dynamic Testing**: Dynamic security testing

  • **Penetration Testing**: Regular penetration testing

  • **Code Review**: Security-focused code review

    • API Security

  • **API Gateway**: Secure API management

  • **Rate Limiting**: API call limitations

  • **Authentication**: API authentication

  • **Input Validation**: Input validation and sanitization

    • Data Security

    Data Protection

    #### Encryption

  • **At Rest**: AES-256 encryption at rest

  • **In Transit**: TLS 1.3 encryption during transmission

  • **In Use**: Memory protection during processing

  • **Key Management**: Secure key management

    • #### Data Minimization

  • **Only Necessary Data**: Minimal data collection

  • **Automatic Deletion**: Automatic deletion after specified time

  • **Anonymization**: Removal of personal identifiers

  • **Pseudonymization**: Data masking and fake identifiers

    • Backup Security

  • **Encrypted Backups**: All backups encrypted with AES-256

  • **Geographic Distribution**: Backup storage in different regions

  • **Versioning**: Multiple backup versions

  • **Tested Recovery**: Regular recovery testing

    • Access Security

    Authentication

    #### Multi-Factor Authentication (MFA)

  • **TOTP**: Time-based one-time passwords

  • **Hardware Tokens**: Physical security keys

  • **Biometric**: Biometric authentication

  • **SMS Backup**: Backup SMS authentication

    • #### Session Management

  • **Secure Sessions**: Strong session management

  • **Automatic Timeout**: Passive session termination

  • **Concurrent Sessions**: Concurrent session limitation

  • **Device Binding**: Device binding

    • Authorization

  • **Principle of Least Privilege**: Least privilege principle

  • **Role-Based Access**: Role-based access control

  • **Just-in-Time Access**: On-demand access

  • **Regular Reviews**: Regular privilege reviews

    • Security Monitoring

    24/7 Monitoring

    #### Security Information and Event Management (SIEM)

  • **Log Aggregation**: Centralized log collection

  • **Real-time Analysis**: Real-time analysis

  • **Threat Detection**: Automatic threat detection

  • **Incident Response**: Rapid incident response

    • #### Metrics

  • **Failed Login Attempts**: Failed login attempts

  • **Unusual Traffic Patterns**: Abnormal traffic patterns

  • **Data Access Patterns**: Data access patterns

  • **System Performance**: System performance metrics

    • Threat Intelligence

  • **Global Threat Intelligence**: Global threat intelligence

  • **Indicator of Compromise**: Threat indicators

  • **Threat Hunting**: Proactive threat hunting

  • **Vulnerability Scanning**: Regular vulnerability scanning

    • Security Incidents

    Incident Response Plan

    #### Detection and Classification

    1. **Automatic Detection**: Automatic detection with SIEM systems

    2. **Manual Report**: User reports and manual detection

    3. **Classification**: Incident severity classification

    4. **Escalation**: Escalation to senior management when necessary

    #### Response Steps

    1. **Isolation**: Isolation of affected systems

    2. **Investigation**: Incident root cause analysis

    3. **Cleanup**: Removal of malicious elements

    4. **Recovery**: Safe restoration of systems

    5. **Lessons Learned**: Lessons learned and improvements

    Data Breach Response

    In compliance with GDPR and other regulations:

    #### Within 72 Hours

  • **Authority Notification**: Notification to supervisory authorities

  • **Impact Assessment**: Impact assessment

  • **Containment**: Breach containment

  • **Evidence Preservation**: Evidence preservation

    • #### User Notification

  • **High Risk Cases**: Notification for high-risk situations

  • **Clear Communication**: Clear and direct communication

  • **Protective Measures**: Protective measure recommendations

  • **Contact Information**: Providing contact information

    • Security Training

    Staff Training

  • **Security Awareness**: Security awareness training

  • **Phishing Simulation**: Phishing simulations

  • **Secure Coding**: Secure coding training

  • **Incident Response**: Incident response training

    • Continuous Development

  • **Regular Updates**: Regular security updates

  • **Industry Best Practices**: Industry best practices

  • **Certification Programs**: Certification programs

  • **Knowledge Sharing**: Knowledge sharing sessions

    • Security Audits

    Internal Audits

  • **Quarterly Reviews**: Quarterly security reviews

  • **Policy Compliance**: Policy compliance checks

  • **Access Reviews**: Access rights reviews

  • **Configuration Audits**: Configuration audits

    • External Audits

  • **Third-party Assessments**: Third-party assessments

  • **Penetration Testing**: Professional penetration testing

  • **Compliance Audits**: Compliance audits

  • **Vulnerability Assessments**: Vulnerability assessments

    • User Security

    Security Recommendations

    #### Safe Usage

  • **Updated Browser**: Use the latest browser version

  • **Antivirus**: Use updated antivirus software

  • **Secure Network**: Use reliable internet connection

  • **Suspicious Links**: Don't click suspicious email links

    • #### Data Protection

  • **Sensitive Information**: Don't share sensitive information

  • **Public Wi-Fi**: Be careful on public Wi-Fi

  • **Screen Sharing**: Be careful when screen sharing

  • **Device Security**: Ensure your device security

    • Security Reporting

    If you detect a security vulnerability:

    Email: [email protected]

    Subject: "Security Vulnerability Report"

    Content: Detailed technical description

    Response: Confirmation within 24 hours

    Security Technologies

    Technologies We Use

  • **WAF**: Web Application Firewall (Cloudflare)

  • **DDoS Protection**: Cloudflare Enterprise

  • **CDN Security**: Secure content delivery network

  • **Bot Protection**: Automatic bot protection

  • **SSL/TLS**: Let's Encrypt and Cloudflare certificates

    • Security Tools

  • **SIEM**: Security Information and Event Management

  • **IDS/IPS**: Intrusion Detection/Prevention Systems

  • **Vulnerability Scanner**: Vulnerability scanning tools

  • **Log Analysis**: Log analysis tools

    • Compliance and Certifications

    Security Certifications

  • **ISO 27001**: Information security management system

  • **SOC 2 Type II**: Security and availability controls

  • **PCI DSS**: Payment card data security

  • **GDPR**: European data protection regulation

    • Regular Assessments

  • **Annual Assessments**: Annual security assessments

  • **Compliance Audits**: Compliance audits

  • **Risk Assessments**: Risk assessments

  • **Business Continuity**: Business continuity plans

    • Contact

    Security Team

    Email: [email protected]

    Subject: "Security Question"

    Response Time: Within 24 hours

    Language: Turkish, English

    Emergency

    Email: [email protected]

    Subject: "URGENT SECURITY"

    Response: Within 2 hours

    24/7 Support: For critical security incidents

    ---

    Summary

    Security Layers

    πŸ”’ **Physical Security**: Secure data centers

    πŸ”’ **Network Security**: DDoS protection and firewalls

    πŸ”’ **Application Security**: OWASP Top 10 protection

    πŸ”’ **Data Security**: AES-256 encryption

    πŸ”’ **Access Security**: Multi-factor authentication

    πŸ”’ **Monitoring**: 24/7 security monitoring

    Security Principles

    βœ… **Defense in Depth**: Multi-layered protection

    βœ… **Zero Trust**: No default trust

    βœ… **Proactive Approach**: Advance threat detection

    βœ… **Continuous Improvement**: Regular security updates

    βœ… **Transparency**: Open security communication

    User Responsibility

    ⚑ **Safe Usage**: Follow security best practices

    ⚑ **Updated Software**: Keep browser and security software updated

    ⚑ **Careful Behavior**: Don't click suspicious links

    ⚑ **Reporting**: Report security issues

    ---

    This security policy is effective from July 28, 2025 and is continuously updated.*