Privacy Policy

At Nereus, we prioritize the protection of your privacy. We have developed this policy to ensure that you understand how we collect, use, communicate, and disclose your personal information. The following outlines our privacy practices:

  1. Purpose of Information Collection: Before or at the time of collecting personal information, we will clearly identify the purposes for which the information is being collected.

  2. Use of Personal Information: We will collect and use personal information solely for the purpose of fulfilling the specified objectives, as communicated by us. We may also use the information for other compatible purposes, provided we obtain the consent of the individual concerned or as required by law.

  3. Data Retention: We will retain personal information only as long as necessary to fulfill the specified purposes.

  4. Lawful and Fair Collection: We will collect personal information through lawful and fair means, and with the knowledge or consent of the individual concerned, where appropriate.

  5. Relevance and Accuracy: Personal data collected will be relevant to the purposes for which it is intended to be used. It will be accurate, complete, and up-to-date to the extent necessary for those purposes.

  6. Security Safeguards: We will implement reasonable security measures to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification.

  7. Transparency: We will make information about our policies and practices regarding the management of personal information readily available to our customers.

  8. Compliance: We are committed to conducting our business in accordance with these principles to ensure the confidentiality of personal information is protected and maintained.

Disclaimer:

The materials provided on Nereus are offered on an "as is" basis. Nereus does not provide any warranties, expressed or implied, and hereby disclaims all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Furthermore, Nereus does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet software or any other related materials or on any sites linked to this site.

Cybersecurity Policy 

 

1. Introduction 

At NSC, we are committed to ensuring the security and integrity of our online auction platform and its users. This Cybersecurity Policy outlines the measures and guidelines that all employees, contractors, and users must follow to protect the confidentiality, availability, and privacy of our systems and data. It is the responsibility of every individual associated with NSC to adhere to this policy and actively contribute to maintaining a secure environment.

 

2. User Authentication and Access Control 

2.1. Users must create strong, unique passwords and update them regularly: 

Passwords must meet the following criteria: 

  • Minimum length of eight characters. 

  • Combination of uppercase and lowercase letters, numbers, and special characters. 

  • Avoid the use of easily guessable information (e.g., names, birthdates, common words). 

  • Users should not reuse passwords across multiple platforms or services. 

Users will be notified via email to update their password at least every 90 days. Users must not use their previous passwords when creating a new password.

2.2. Multi-factor authentication for all user accounts: 

  • NSC reserves the right to enforce multi-factor authentication (MFA) for users at any time. MFA options may include, but are not limited to, the use of one-time PINs (OTP) delivered via email or SMS, hardware tokens, or authenticator applications. 

  • During the account setup process, critical identifiers such as Employer Identification Numbers (EIN), Social Security Numbers (SSN), or Reseller Numbers are subjected to stringent validation procedures. The process is deemed instrumental in ascertaining the legitimacy and authenticity of user profiles. 

The platform provides clear instructions and guidance on enabling and configuring MFA and verification requirements. 

2.3. Failed login attempts will be monitored, and temporary lockouts may be applied after multiple unsuccessful attempts: 

  • The platform's system will track and log failed login attempts. 

  • After a predetermined number of consecutive failed login attempts (e.g., five attempts), the user's account will be temporarily locked. 

  • Account lockout duration and the number of failed attempts should be defined based on a risk-based approach, considering the sensitivity of the account. 

2.4. User access privileges must be assigned based on the principle of least privilege: 

  • Access privileges should be granted based on job roles and responsibilities. 

  • Each user account should have the minimum level of access necessary to perform their duties. 

  • Regular reviews and audits of user access rights should be conducted to ensure that access privileges are still appropriate and necessary. 

  • Access privileges should be promptly revoked or modified when an employee changes roles or leaves the organization. 

  • Employing a unified Identity and Access Management (IAM) system, NSC meticulously oversees user accounts, access rights, and permissions, reinforcing the cyber security infrastructure. 

  • NSC may implement session timeout mechanisms to automatically log out inactive users after a specified period of inactivity. 

By implementing robust user authentication and access control measures, NSC aims to mitigate the risks associated with unauthorized access, account compromise, and data breaches, ensuring a secure and trustworthy online auction platform for all users. 

 

3. Data Protection and Encryption 

3.1. All sensitive user data, including passwords and payment information, must be encrypted both during transmission and storage. 

3.2. To ensure the secure exchange of data between users and the platform, the utilization of Transport Layer Security (TLS) protocols is mandatory. 

3.3. To safeguard sensitive data, including passwords, secrets, and personalized generated data, we utilize strong encryption algorithms and adhere to industry-standard encryption methodologies. 

 

  

4. Payment Processing 

4.1. To ensure transactional security, we only use reputable payment gateways that prioritize security and compliance with industry standards, such as PCI DSS (Payment Card Industry Data Security Standard):

  • NSC ensures that all payment processing is handled by trusted and well-established payment gateways that have a proven track record in prioritizing security and complying with industry standards. 

  • Payment gateways chosen for processing transactions should have achieved PCI DSS compliance, which sets comprehensive requirements for protecting cardholder data during payment transactions. 

  • Prior to integrating a payment gateway, a thorough evaluation of the provider's security measures, encryption methods, and compliance certifications must be conducted to ensure the highest level of security for financial transactions. 

4.2. Payment systems are regularly audited and monitored for any signs of vulnerabilities or unauthorized access: 

  • NSC conducts regular audits and assessments of the payment systems and infrastructure to identify potential vulnerabilities and ensure compliance with industry standards. 

  • Vulnerability scanning tools and penetration testing are employed to proactively identify any weaknesses or security gaps in the payment processing environment. 

  • Continuous surveillance and comprehensive analysis of payment transactions, complemented by the review of associated logs, are diligently conducted to swiftly identify signs of suspicious activities, potential unauthorized access attempts, or any deviations from expected patterns.

  • Anomalies or potential security incidents are promptly investigated, and appropriate action is taken to mitigate any identified risks. 

4.3. Additional safeguards are adopted to further enhance the security of payment processing: 

  • To secure the transmission of payment data between users and the payment gateway, various strong encryption measures are implemented. These include Transport Layer Security (TLS) protocols, Secure Sockets Layer (SSL) protocols, and Internet Protocol Security (IPSec). These encryption protocols reduce the risk of data compromise during the transaction process. 

 

  • NSC uses tokenization and other data protection methods to minimize the storage and handling of sensitive payment card data within our systems. This approach reduces potential points of vulnerability, thereby further securing cardholder data. 

 

  • NSC ensures the continued security of our payment processes by regularly reviewing and updating our payment processing policies and procedures. This allows us to maintain alignment with evolving security standards, regulatory requirements, and industry best practices. 
     

5. Privacy and Data Collection 

5.1. A comprehensive Privacy Policy is in place; it clearly explains how user data is collected, used, and protected.

5.2. Users must explicitly consent to the collection and use of their personal information. 

5.3. Users have the ability to review, modify, and delete their personal information. 

 

6. Fraud Prevention 

6.1. Fraud detection systems are in place to identify and block suspicious activities, such as fake bids or account takeover attempts. 

6.2. Regular monitoring and analysis of user behavior is conducted to detect patterns indicative of fraudulent activity. 

6.3. Users will be educated about common scams and encouraged to report any suspicious behavior. 

6.4. To enhance user account security and reduce fraud risks, we incorporate measures such as two-factor authentication and other sophisticated security protocols to prevent unauthorized access. 

 

7. System Monitoring and Incident Response 

7.1. Real-time monitoring and logging mechanisms are implemented to detect and respond to security incidents promptly: 

  • The online auction platform employs robust monitoring tools to collect and analyze logs, network traffic, and system activity in real-time. 

  • Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are in place to detect and prevent unauthorized access attempts and suspicious activities. 

  • Security event and incident management systems are utilized to consolidate and correlate security events, enabling timely incident detection and response. 

  • Logs from diverse system components such as servers, network devices, and databases are aggregated in a centralized location and stored securely for subsequent analysis and forensic use. 

7.2. An incident response plan must be established, outlining the steps to be taken in the event of a security breach: 

  • The incident response plan (see the incident response procedure document) defines roles and responsibilities for incident response team members, including incident coordinators, investigators, and communication liaisons.

  • Clear escalation procedures are outlined to ensure that incidents are promptly reported to the appropriate stakeholders and management. 

  • The plan includes defined incident severity levels and corresponding response actions, allowing for a rapid and coordinated response based on the nature and impact of the incident. 

  • Incident response procedures cover incident containment, evidence preservation, system recovery, and communication with affected parties, regulatory bodies, and law enforcement, as required. 
     

7.3. Regular Updates and Patching for Software Systems: 

  • To manage known vulnerabilities, NSC uses a streamlined strategy to ensure all software, operating systems, and third-party applications regularly receive the latest security patches through an efficient patch management process. 

  • Regular vulnerability assessments and scanning tools are utilized to identify vulnerabilities in the system. 

  • Prioritized patching procedures are in place to promptly address critical vulnerabilities that pose a high risk to the platform's security. 

  • The patch management process includes a testing phase to minimize any potential disruptions to the platform's functionality during the patching process. 

 

7.4. System monitoring and incident response are enhanced by:

  • NSC deploys automated security systems for instant alerts about suspicious activities or breaches. 

  • Periodic penetration tests and vulnerability assessments are undertaken to discover potential weaknesses. 

  • We actively monitor security advisories and alerts from vendors and industry sources to stay current with emerging threats. 

  • Our incident response plan is regularly revised based on past incidents and evolving threats. 

  • We run periodic simulations to test the incident response plan, improving our preparedness. 

 

With rigorous real-time monitoring, an effective incident plan, and regular software updates, the objective is to quickly address security incidents, limit breach impacts, and ensure the reliability of the online auction platform. 

 

8. User Terms and Conditions 

8.1. Acceptable use policies and user responsibilities must be clearly defined. 

8.2. Activities such as hacking, spreading malware, or engaging in fraudulent behavior must be prohibited. 

8.3. Consequences for violating the terms and conditions, including account suspension or legal action, must be outlined. 

 

9. Staff Training and Awareness 

9.1. Regular training sessions must be provided to employees on security best practices, including identifying phishing attempts and handling sensitive information. 

9.2. All employees must actively report any security concerns or incidents. 

9.3. NSC will foster a culture that prioritizes security and encourages employees to actively contribute to maintaining a secure environment.

 

10. Compliance and Review 

10.1. This Cybersecurity Policy must comply with applicable laws, regulations, and industry standards. 

10.2. The policy will be regularly reviewed and updated to reflect changes in technology, threats, and organizational requirements. 

 

By adhering to this Cybersecurity Policy, we demonstrate our commitment to safeguarding the online auction platform and protecting the interests of our users. Failure to comply with this policy may result in disciplinary actions, including termination or legal action, depending on the severity of the violation. 

 

NSC will provide resources and support to ensure the effective implementation of this policy and promote a secure online auction environment. 
