1. Introduction

This Security Policy describes the measures and principles applied by Zenterra OOD (English name: Zenterra Ltd), UIC (EIK) 208683258 (“Zenterra”, “we”) to protect the website “zenterra.bg” (the “Website”) and the information processed in connection with the use of the Website.

This policy supplements (but does not replace) the Privacy Policy and the Cookie Policy.

2. Scope

This policy covers:

• the security of the Website and its infrastructure (hosting, domain, applications);

• measures against unauthorised access, abuse and security incidents;

• good practices for communication and handling enquiries submitted via the Website.

3. Key Principles

We follow principles of:

• least-privilege access (access only when necessary);

• separation of roles and responsibilities;

• timely maintenance and updates;

• monitoring and incident response;

• team awareness and training where necessary.

4. Technical and Organisational Measures

Depending on the Website architecture and service providers, we may implement (where applicable):
4.1. Access control: strong passwords, MFA/2FA for admin panels, role-based access.
4.2. Encryption in transit: HTTPS/SSL to protect communications between users and the Website.
4.3. Updates and vulnerabilities: regular updates to CMS/plugins/dependencies; security hardening and vulnerability review.
4.4. Logs and monitoring: collecting security logs and monitoring suspicious activity (within reasonable limits and in compliance with applicable law).
4.5. Protection against automated attacks: rate limiting, brute-force protection, anti-spam measures for forms (if enabled).
4.6. Backups: backups of the Website and/or databases where applicable.
4.7. Vendors: using providers (hosting, analytics, advertising, email) that offer appropriate security measures.

5. Security of Communications

5.1. When submitting enquiries via forms/email, please avoid sharing sensitive information unless strictly necessary.
5.2. Email communication is not a fully secure channel by nature; if sensitive information must be exchanged, additional safeguards (e.g., encrypted files/channels) may be agreed in advance.

6. Incident Management

6.1. If a security incident is suspected or confirmed, we take reasonable steps to contain, investigate and recover.
6.2. Where an incident poses a risk to individuals’ rights and freedoms and notification is required by law, we will take the necessary steps to notify the competent authority and/or affected individuals.

7. Responsible Disclosure

If you discover a vulnerability or security issue affecting the Website, please notify us at office@zenterra.ai. Please do not publicly disclose details before we have a reasonable opportunity to investigate and remediate.

8. Limitation of Liability

We take reasonable steps to maintain a high level of security, but cannot guarantee absolute protection against all cyber risks. To the maximum extent permitted by law, we are not liable for damage caused by force majeure events, third-party attacks or factors beyond our control.

9. Contact

Zenterra OOD (English name: Zenterra Ltd), UIC (EIK) 208683258
Official email: office@zenterra.ai
Phone: +359 877 007 955
Registered address: Republic of Bulgaria, Plovdiv Region, Plovdiv Municipality, Plovdiv 4023, Trakia District, 2V Valko Shopov St.
Contact addresses:

• Sofia, 48 Cherni Vrah Blvd.

• Plovdiv, 2B Valko Shopov St. (Zenterra AI central office)