1. Privacy Policy

Gulali MMC implements policies in accordance with international standards to ensure customer data security.

Collected Data

• Name, Surname, Email, Phone
• IP address and browser information
• Technical log files related to services

Data Usage

Collected data is used only for service delivery, billing, and security monitoring purposes.

2. Security Standards

• SSL/TLS 1.3: All data transmitted on the site is encrypted.
• Firewall & WAF: Our servers filter malicious traffic.
• DDoS Protection: 24/7 active protection with cloud-based security.
• Two-Factor Authentication: Active on all admin accounts.
• Regular Pen-testing: Quarterly cyber-tests to detect vulnerabilities.

3. Cookie Policy

The site uses only essential cookies to improve user experience. Marketing cookies are not applied.

4. Incident Management

1. Incident detection
2. Initial response within 60 minutes
3. Full analysis and customer report within 24 hours
4. Root-cause elimination and system recovery

5. Vulnerability Disclosure Program

Researchers who discover any vulnerabilities can send information to security@gulali.az. As appreciation, their names are listed in our "Hall of Fame" section.

6. Physical Security

Our server infrastructure is located in ISO/IEC 27001 certified data centers. Access is possible with biometric identification.

7. Payment Security

All payments are processed through PCI-DSS Level-1 compliant providers. Card information is not stored on our servers.

8. Protection of Children's Data

Data of users under 16 years old is not collected without parental consent.

9. Updates

Our security policy may be updated and expanded from time to time. Updates are published on this page.

10. Contact

For any questions or complaints, write to security@gulali.az.