Security & Confidentiality

We are security-conscious by design. This page provides a practical overview of how we protect inquiry data and confidential documentation related to international and non-resident licensing workflows under the KIFA framework.

1. Confidentiality principles

• Need-to-know access: access is restricted to staff/contractors involved in your case.
• Data minimization: we request sensitive documents only when necessary for the stage.
• Separation: inquiry data is logically separated from public website content.

2. Encryption & transport security

• HTTPS/TLS for data in transit between your browser and the site.
• Security headers can be enabled (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy) at the application or reverse proxy level.

3. Account & admin security

• Admin interface is available on a non-standard path (/admon/) and should be protected by strong authentication.
• We recommend 2FA for admin users and IP allowlisting at the firewall/reverse-proxy when feasible.
• Least-privilege access for any system accounts and staff operations.

4. Document handling

• We encourage starting with high-level information at inquiry stage and sharing sensitive documents only when needed.
• When documents are required, we use structured checklists and controlled submission steps.
• Retention is limited: data is kept only as long as necessary for the requested workflow and recordkeeping.

5. Logging & monitoring

We maintain basic server/application logs for reliability and incident investigation. Logs are not used for advertising or profiling.

6. Reporting security issues

If you believe you found a security issue, please report it responsibly:

Email: [email protected]

See also: Privacy Policy