Security Policy

Our commitment to cybersecurity and data protection

Updated: 1 November 2025

eSolia takes cybersecurity seriously. This security policy outlines our commitment to protecting our systems, data, and users through comprehensive security measures and responsible disclosure practices.

Vulnerability Disclosure

Reporting Security Issues

If you discover a security vulnerability in our systems or website, we encourage responsible disclosure:

  • Contact: Report security issues through our contact form with “Security Vulnerability” in the subject
  • Response Time: We aim to acknowledge security reports within 24 hours
  • Investigation: All reports are thoroughly investigated by our security team
  • Updates: We provide regular updates on the status of reported issues

What to Include

When reporting security vulnerabilities, please include:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code or screenshots
  • Your contact information for follow-up

Our Commitment

  • We will not pursue legal action against researchers who report vulnerabilities in good faith
  • We will work with you to understand and resolve the issue promptly
  • We will credit researchers (with permission) when security issues are resolved
  • We maintain transparency about security improvements when appropriate

Security Measures

Website Security

Our website implements multiple layers of security:

  • HTTPS Everywhere: All traffic encrypted with TLS 1.3
  • Content Security Policy: Strict CSP headers to prevent XSS attacks
  • Secure Headers: Implementation of security headers (HSTS, X-Frame-Options, etc.)
  • Input Validation: Comprehensive validation of all user inputs
  • Regular Updates: Continuous monitoring and updating of dependencies

Infrastructure Security

  • Secure Hosting: Hosted on Netlify with enterprise-grade security
  • DNS Security: DNS over HTTPS (DoH) and DNSSEC implementation
  • Access Controls: Principle of least privilege for all system access
  • Monitoring: 24/7 security monitoring and alerting
  • Backup Security: Encrypted backups with secure key management

Development Security

  • Secure Coding: Following OWASP security guidelines
  • Code Review: All code changes undergo security review
  • Dependency Scanning: Automated vulnerability scanning of dependencies
  • Static Analysis: Security-focused static code analysis
  • CI/CD Security: Secure build and deployment pipelines

Data Protection

Information Handling

  • Data Minimization: We collect only necessary information
  • Encryption: All sensitive data encrypted at rest and in transit
  • Access Controls: Strict access controls for all data systems
  • Retention Policies: Clear data retention and deletion policies (see our Privacy Policy)
  • Privacy by Design: Privacy considerations integrated into all systems

User Privacy

  • Transparent Practices: Clear privacy policy outlining data use
  • User Rights: Respect for user privacy rights and preferences (detailed in our Privacy Policy)
  • Consent Management: Proper consent mechanisms for data collection
  • Data Portability: Support for data export when requested
  • Right to Deletion: Processes for complete data removal

Incident Response

Response Process

In the event of a security incident:

  1. Detection: Immediate identification and assessment
  2. Containment: Quick containment to prevent further damage
  3. Investigation: Thorough investigation to understand impact
  4. Communication: Transparent communication with affected parties
  5. Recovery: Complete system recovery and security restoration
  6. Review: Post-incident review and process improvement

Communication

  • User Notification: Prompt notification of users if their data is affected
  • Transparency: Public disclosure of significant security incidents
  • Regulatory Compliance: Compliance with all applicable breach notification laws
  • Continuous Updates: Regular updates during incident resolution

Compliance and Standards

Regulatory Compliance

We maintain compliance with relevant security and privacy regulations:

  • GDPR: European General Data Protection Regulation (see our Data Protection page)
  • Japan Privacy Laws: Compliance with Japanese data protection laws
  • Industry Standards: Adherence to relevant industry security standards
  • Regular Audits: Periodic security audits and assessments

Security Frameworks

Our security practices align with established frameworks:

  • OWASP: Open Web Application Security Project guidelines
  • NIST: National Institute of Standards and Technology frameworks
  • ISO 27001: Information security management principles
  • CIS Controls: Center for Internet Security controls

Security Resources

For Users

  • Security Tips: Best practices for secure interaction with our services
  • Account Security: Guidance on maintaining secure accounts
  • Phishing Awareness: Information about identifying security threats
  • Contact Information: Clear channels for security-related questions

For Researchers

  • Scope: Clear definition of systems in scope for security research
  • Guidelines: Responsible disclosure guidelines and expectations
  • Recognition: Security researcher recognition program
  • Resources: Technical documentation for security researchers

Continuous Improvement

Regular Reviews

  • Policy Updates: Regular review and update of security policies
  • Threat Assessment: Ongoing threat landscape assessment
  • Technology Updates: Continuous improvement of security technologies
  • Training: Regular security training for all team members

Industry Engagement

  • Security Community: Active participation in the security community
  • Threat Intelligence: Monitoring of emerging security threats
  • Best Practices: Implementation of industry best practices
  • Knowledge Sharing: Contributing to the security knowledge base

Contact Information

For security-related matters:

  • General Security Questions: Use our contact form with “Security” in the subject
  • Vulnerability Reports: Use our contact form with “Security Vulnerability” in the subject
  • Security.txt: Machine-readable security information at /.well-known/security.txt

Changes in this Security Policy

We reserve the right to update this security policy at any time. Changes will be announced in the “updates” section on the top page of this website, and the latest update date will be shown at the top of this page.

For questions about this security policy or our security practices, please contact us through our official channels.

Get in Touch

If you have any questions or inquiries about this page, don't hesitate to contact us.

Headquarters

Shiodome City Center 5F (Work Styling)

1-5-2 Higashi-Shimbashi, Minato-ku, Tokyo, Japan, 105-7105

Telephone
+81-3-4577-3380
Fax
+81-3-4577-3309