Security Incident Response Policy

How Sukrat detects, responds to, and resolves security incidents

Last Updated: February 16, 2026

Sukrat AI is committed to protecting the security and integrity of user data. This Security Incident Response Policy describes the processes we follow to detect, investigate, respond to, and resolve security incidents.

1. Purpose

The purpose of this policy is to ensure that Sukrat responds promptly and effectively to security incidents in order to:

  • Protect user data
  • Contain and mitigate threats
  • Restore system integrity
  • Comply with legal obligations

2. Definition of a Security Incident

A security incident is any event that may compromise:

  • Personal data
  • Account security
  • System integrity
  • Platform availability

Examples include:

  • Unauthorized access to systems
  • Unauthorized access to personal data
  • Data breaches
  • Account compromise
  • Malware or malicious activity
  • Service disruptions caused by malicious actions

3. Incident Detection

We use monitoring systems and operational controls to detect potential security incidents.

Incidents may be detected through:

  • Automated monitoring systems
  • Internal security reviews
  • User reports
  • Infrastructure provider alerts

We investigate reported or detected incidents promptly.

4. Incident Response Process

When a security incident is identified, Sukrat follows a structured response process.

4.1 Identification

We assess the nature, scope, and potential impact of the incident.

4.2 Containment

We take immediate steps to limit the impact of the incident, which may include:

  • Restricting access to affected systems
  • Isolating affected components
  • Blocking unauthorized access

4.3 Investigation

We investigate to determine:

  • What happened
  • What data or systems were affected
  • The root cause

4.4 Remediation

We implement corrective measures to prevent recurrence.

This may include:

  • Fixing vulnerabilities
  • Strengthening safeguards
  • Updating systems

4.5 Recovery

We restore systems to normal operation.

5. Notification

Where required by applicable law, Sukrat will notify affected users and relevant authorities of security incidents involving personal data.

Notifications may include:

  • Description of the incident
  • Types of data affected
  • Actions taken
  • Recommended user actions

Notification timing will comply with applicable legal requirements.

6. Coordination with Subprocessors

If a security incident involves a third-party service provider, we will coordinate with the provider to investigate and resolve the issue.

7. Continuous Improvement

We review incidents to improve our security practices.

This may include:

  • Updating procedures
  • Improving monitoring
  • Strengthening controls

8. User Responsibilities

Users should help maintain security by:

  • Using strong passwords
  • Protecting account credentials
  • Reporting suspicious activity

9. Reporting Security Issues

If you believe you have discovered a security issue, please report it immediately: security@sukrat.ai

10. Policy Updates

We may update this policy from time to time.

We will update the “Last Updated” date accordingly.

11. Contact

For security-related inquiries, contact: security@sukrat.ai

Last Modified: February 16, 2026

Policy Version: 1.0