At ANYTIMEBOTS LTD, we take the security of your data seriously. This Security Policy outlines the measures we implement to protect your information and maintain the integrity of our services.
1. Data Encryption
We employ industry-standard encryption to protect your data:
- Data in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS) protocols, ensuring that your information cannot be intercepted during transmission.
- Data at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption standards.
- Secure Connections: We enforce HTTPS across all pages and API endpoints to ensure secure communication.
2. Infrastructure Security
Our infrastructure is designed with multiple layers of security:
- Server Location: Our servers are hosted in secure, certified data centers in the United States with 24/7 monitoring and physical security controls.
- Firewalls: We deploy advanced firewall systems to protect against unauthorized access and cyber threats.
- Regular Updates: All systems and software are kept up to date with the latest security patches and updates.
- DDoS Protection: We implement distributed denial-of-service (DDoS) protection to ensure service availability.
- Intrusion Detection: Automated systems monitor for suspicious activities and potential security threats.
3. Access Controls
We implement strict access controls to protect your data:
- Principle of Least Privilege: Access to systems and data is granted on a need-to-know basis only.
- Authentication: Multi-factor authentication (MFA) is required for all administrative access.
- Password Requirements: Strong password policies are enforced for all user accounts.
- Session Management: Secure session handling with automatic timeout for inactive sessions.
- Regular Audits: Access logs are regularly reviewed and audited for unusual activity.
4. Data Processing and Storage
We handle your data with care:
- Temporary Processing: Files uploaded for processing are handled in memory or temporary storage and are typically deleted within 24 hours.
- Data Minimization: We collect and retain only the data necessary to provide our services.
- Secure Deletion: When data is deleted, it is securely erased from our systems.
- Backup Security: Backups are encrypted and stored in geographically separate locations.
5. Application Security
Our applications are built with security in mind:
- Secure Coding Practices: We follow OWASP guidelines and industry best practices for secure software development.
- Input Validation: All user inputs are validated and sanitized to prevent injection attacks.
- CSRF Protection: Cross-Site Request Forgery (CSRF) tokens protect against unauthorized actions.
- XSS Prevention: Content Security Policy (CSP) headers and output encoding prevent Cross-Site Scripting (XSS) attacks.
- SQL Injection Prevention: Parameterized queries and ORMs protect against SQL injection attacks.
6. Third-Party Services
We carefully vet third-party services:
- Analytics: We use Google Analytics and Google Search Console for website analytics. These services are configured to respect user privacy.
- Payment Processing: All payment processing is handled by PCI DSS-compliant payment processors. We do not store credit card information on our servers.
- Vendor Security: All third-party vendors are required to maintain appropriate security standards.
7. Monitoring and Incident Response
We actively monitor our systems and have procedures in place to respond to security incidents:
- 24/7 Monitoring: Automated systems continuously monitor for security threats and anomalies.
- Logging: Comprehensive logging helps us detect and investigate security incidents.
- Incident Response Plan: We have a documented incident response plan to quickly address security issues.
- Notification: In the event of a data breach affecting your personal information, we will notify you in accordance with applicable laws.
8. Employee Security
Our team is trained and committed to security:
- Background Checks: All employees with access to sensitive systems undergo background checks.
- Security Training: Regular security awareness training is mandatory for all employees.
- Confidentiality Agreements: All employees sign confidentiality and data protection agreements.
- Offboarding: Access is immediately revoked when employees leave the company.
9. Compliance
We comply with relevant data protection regulations:
- GDPR: For users in the European Union, we comply with General Data Protection Regulation requirements.
- Data Protection Act: We comply with UK Data Protection Act 2018 requirements.
- Industry Standards: We follow industry-standard security frameworks and best practices.
10. Vulnerability Disclosure Program
We welcome reports from security researchers and the community about potential security vulnerabilities. If you discover a security issue, please report it responsibly:
- Email us at support@anytimebots.com with "Security Vulnerability" in the subject line
- Provide detailed information about the vulnerability, including steps to reproduce
- Allow us reasonable time to address the issue before public disclosure
- Do not access, modify, or delete data that does not belong to you
We appreciate responsible disclosure and will acknowledge valid security reports. We are committed to working with security researchers to verify and address reported vulnerabilities promptly.
11. Security Audits and Testing
We regularly test our security measures:
- Penetration Testing: Periodic third-party security assessments and penetration testing.
- Vulnerability Scanning: Automated scanning for known vulnerabilities.
- Code Reviews: Security-focused code reviews before deployment.
- Security Assessments: Regular internal security assessments and audits.
12. User Responsibilities
Security is a shared responsibility. You can help keep your account secure by:
- Using strong, unique passwords for your account
- Not sharing your account credentials with others
- Logging out after using shared or public computers
- Keeping your contact information up to date
- Reporting suspicious activity immediately
13. Updates to This Policy
We may update this Security Policy from time to time to reflect changes in our security practices or legal requirements. We will notify users of any material changes by posting the updated policy on this page and updating the "Last updated" date.
14. Contact Us
If you have questions or concerns about our security practices, please contact us at support@anytimebots.com.
Company Information:
ANYTIMEBOTS LTD
Company Number: 16870333
Email: support@anytimebots.com