CIRQIL Security Policy

Last Updated: May 20, 2026

At CIRQIL, security and privacy are foundational to how we design and operate our platform. We are committed to protecting user information, organizer data, communications, and platform infrastructure through a combination of technical, administrative, and operational safeguards.

This Security Policy outlines the measures and practices CIRQIL uses to help secure our systems and services.

1. Security Philosophy

CIRQIL was built with a privacy-conscious and security-focused approach designed to support trusted experiences across live events, festivals, communities, and large-scale activations.

We aim to minimize unnecessary data collection, limit internal access to sensitive information, and continuously improve the security of our systems as the platform evolves.

While no platform can guarantee absolute security, we implement safeguards designed to protect against unauthorized access, misuse, disclosure, alteration, or destruction of data.

2. Infrastructure & Hosting Security

CIRQIL uses reputable cloud infrastructure providers and modern hosting environments designed to support secure and resilient applications.

Security measures may include:

  • Encrypted HTTPS/TLS connections
  • Secure cloud infrastructure configurations
  • Network monitoring and logging
  • Environment isolation between development and production systems
  • Automated backups and recovery procedures where appropriate
  • Infrastructure access restrictions and authentication controls

3. Data Encryption

We use industry-standard encryption technologies to help protect data in transit and, where appropriate, data at rest.

This may include:

  • TLS/SSL encryption for network communications
  • Encrypted credentials and authentication tokens
  • Encrypted storage for sensitive platform information

4. Access Controls

Access to internal systems and sensitive data is restricted to authorized personnel who require access to perform their responsibilities.

Security practices may include:

  • Role-based access controls
  • Least-privilege access principles
  • Multi-factor authentication for administrative systems
  • Credential management policies
  • Access review and revocation procedures

5. Application Security

CIRQIL incorporates security considerations throughout the software development lifecycle.

Practices may include:

  • Secure development standards
  • Dependency and vulnerability monitoring
  • Authentication and session protections
  • Logging and anomaly monitoring
  • Testing and review procedures prior to deployment
  • Ongoing platform maintenance and updates

6. AI & Data Handling

As an AI-native platform, CIRQIL is committed to responsible data handling practices related to AI-powered functionality.

CIRQIL does not sell user data or exploit personal information for behavioral advertising purposes.

Where third-party AI or infrastructure providers are used, we evaluate providers based on operational, security, and privacy considerations.

We aim to:

  • Minimize unnecessary data exposure
  • Limit data sharing with external systems
  • Separate organizer and user environments where appropriate
  • Maintain clear controls around AI-enabled workflows and tooling

7. Third-Party Services & Integrations

CIRQIL may integrate with third-party services, APIs, or infrastructure providers to support platform functionality, including mapping, communications, authentication, analytics, mobility, ticketing, or cloud services.

While we seek to work with reputable providers, third-party services operate under their own security and privacy policies.

8. Incident Response

CIRQIL maintains internal processes designed to identify, assess, and respond to potential security incidents.

If we become aware of a security event affecting user data or platform integrity, we will take reasonable steps to:

  • Investigate and contain the issue
  • Mitigate ongoing risks
  • Restore affected systems where necessary
  • Provide notifications where required by applicable law

9. User Responsibilities

Users also play an important role in maintaining account and platform security.

We encourage users to:

  • Use strong, unique passwords
  • Protect account credentials
  • Avoid sharing login access
  • Notify CIRQIL of suspected unauthorized activity

10. Vulnerability Disclosure

We appreciate responsible security research and encourage individuals to report potential vulnerabilities responsibly.

If you believe you have identified a security issue involving CIRQIL, please contact:

security@cirqil.com

Please include:

  • a description of the issue
  • steps to reproduce the issue
  • any relevant screenshots or technical details

We request that researchers:

  • avoid disrupting platform operations
  • avoid accessing data that does not belong to them
  • provide reasonable time for investigation and remediation before public disclosure

11. Policy Updates

We may update this Security Policy periodically to reflect platform changes, legal requirements, operational improvements, or evolving security practices.

The latest version will always be posted on this page with an updated effective date.

12. Contact

For security-related questions or concerns, please contact:

security@cirqil.com