ITK Security Policy

Effective Date: 02/03/2025
Last Updated: 02/03/2025
Website: https://itk.asia


1. Introduction

ITK.asia provides discounted access to major cloud platforms including Huawei Cloud, Alibaba Cloud, and AWS. To ensure the safety of our users’ data, payments, and infrastructure provisioning, we implement strict security measures across our platform and backend operations.


2. Payment & Transaction Security

  • SSL/TLS Encryption: All transactions and data exchanges are protected via 256-bit SSL encryption.

  • PCI-DSS Compliant Gateway: We use reputable third-party payment processors (e.g., Stripe, iPay88, SenangPay) for all card payments. We do not store card data.

  • Manual Bank-In Verification: All manual bank-in receipts are verified by staff over secure admin channels. Fake receipts or fraud attempts will be investigated and reported.


3. Account Provisioning Security

  • Manual Provisioning Protection: Once payment is confirmed, cloud service accounts (Huawei, AWS, etc.) are created manually. These are verified via secure admin panels with strict access control.

  • Email Verification: Customers must verify their email before using the platform.

  • Credit System: Users can top up credit through our platform, which is logged, traceable, and applied only to verified accounts.


4. Platform & Application Security

  • Access Control:

    • Admin systems are protected via IP whitelisting and strong 2FA.

    • User roles are separated (customer, admin) with strict permission policies.

  • Vulnerability Protection:

    • All inputs are sanitized to protect against SQL injection, XSS, and CSRF.

    • Web Application Firewall (WAF) is in place.

  • Penetration Testing: Annual penetration testing is conducted by external professionals.


5. Infrastructure & Data Security

  • Hosting on AWS: Our platform infrastructure is hosted on Amazon Web Services (AWS), benefiting from its robust security features including data center redundancy, physical security, and network isolation.

  • Firewall & WAF:

    • All servers are protected with AWS Security Groups (firewall rules) to restrict unauthorized access.

    • We implement Web Application Firewall (WAF) policies to detect and block common exploits like SQL injection, XSS, and bad bot traffic.

  • Cloudflare Protection:

    • Cloudflare is used as an additional security layer, providing:

      • DDoS mitigation

      • Global CDN

      • Rate limiting

      • Bot filtering

      • Secure DNS & origin masking

  • Encryption & SSL:

    • All traffic is encrypted using HTTPS with TLS 1.2+.

    • SSL certificates are issued by trusted Certificate Authorities and renewed automatically.

  • Data Encryption:

    • All customer data stored in our AWS-hosted databases is encrypted at rest using AES-256.

    • Data in transit is encrypted using TLS protocols.

  • Access Control:

    • Server access is restricted to authorized personnel only, via key-based SSH login and IP whitelisting.

    • Admin panels are protected with 2FA and audit logging.

  • Backups & Disaster Recovery:

    • Encrypted daily backups are maintained on separate secure AWS S3 storage.

    • Regular disaster recovery drills ensure recovery within 24 hours in case of critical failure.


6. Data Privacy & Confidentiality

  • Personal Information: We only collect essential data for account setup and billing. All data is handled in accordance with PDPA Malaysia and GDPR.

  • No Data Sharing: We do not share user data with, or sell it to, third parties unless legally required.

  • Data Retention: Customer data is retained only as long as required by billing, tax, or legal obligations.


7. Incident Response & Reporting

  • Monitoring: Server activities, logins, and financial actions are monitored 24/7.

  • Incident Response Plan: In case of a breach, we will:

    • Contain and assess the incident within 4 hours.

    • Notify affected users within 72 hours.

    • Report the incident to relevant authorities if required.

  • Reporting Vulnerabilities: Users can report vulnerabilities to: security@itk.asia


8. Customer Responsibility

Because ITK.asia is a cloud reseller platform, customers are responsible for:

  • Securing their own usage and configuration on cloud platforms (AWS/Huawei/Alibaba)

  • Avoiding misuse of infrastructure for illegal activities (spamming, phishing, mining, etc.)

  • Not sharing account access or credentials with third parties

Violation of these policies may lead to suspension without refund.


9. Compliance & Legal

  • Compliance: Our practices align with industry standards, including:

    • PCI-DSS (via payment gateways)

    • PDPA Malaysia

    • GDPR (for international clients)

  • Audit Trails: All provisioning, credit top-ups, and account changes are logged for audit purposes.