Security Policy

At Global Trade Fairs, we take the security of our platform, our partners, and our users seriously. This Security Policy explains how we protect your information and how security researchers can responsibly report vulnerabilities.

Our Commitment to Security

We are committed to maintaining a secure environment for exhibitors, visitors, buyers, and partners using our platform. We employ a combination of technical and organizational measures to help protect your data from unauthorized access, disclosure, alteration, or destruction.

While no system can ever be guaranteed 100% secure, our goal is to apply industry best practices, continuously improve our defenses, and respond swiftly and transparently when issues are identified.

Scope of This Policy

This Security Policy applies to:

  • The globaltradefairs.com domain and subdomains
  • Web applications, APIs, and services operated by Global Trade Fairs
  • Data handled or stored by our platform as part of our services

It does not cover third-party websites, services, or systems that may be linked from our platform but are not operated by us.

Security Policy

Technical and Organizational Security Measures

Network & Transport Security

We use industry-standard mechanisms to secure data in transit and protect our infrastructure.

  • HTTPS with TLS for secure communication
  • Strict-Transport-Security (HSTS) configuration
  • Regular security configuration reviews
  • Firewall and network access controls

Application Security

We follow secure development practices to reduce the risk of common vulnerabilities.

  • Secure coding practices and code review
  • Protection against common OWASP Top 10 risks
  • Input validation and output encoding
  • Session management and CSRF protection

Data Protection

We take the confidentiality and integrity of your information seriously.

  • Role-based access to production systems
  • Limited access to personal data on a need-to-know basis
  • Regular data backups and recovery procedures
  • Secure handling of sensitive information

Access Control & Monitoring

Only authorized personnel may access our systems, and their activities are monitored in line with our internal policies.

  • Unique user accounts for administrators and staff
  • Strong password and authentication requirements
  • Access reviews on a periodic basis
  • Logging and monitoring of key system events

Vulnerability Disclosure & Reporting

We welcome responsible disclosure of security vulnerabilities. If you believe you have found a security issue affecting our platform, please let us know so we can investigate and address it as quickly as possible.

How to Report a Vulnerability

Please send a detailed report to:

Email: contact@reydelmercado.com

Include as much information as possible to help us reproduce and understand the issue:

  • A clear description of the vulnerability
  • Steps to reproduce (including URLs, parameters, and sample requests if applicable)
  • Any screenshots or proof-of-concept code
  • Your contact details for follow-up

Responsible Disclosure Guidelines

When researching or reporting security issues, we kindly ask that you:

  • Do not exploit the vulnerability beyond what is necessary to prove its existence
  • Do not access, modify, or delete data that does not belong to you
  • Do not impact the availability or performance of our services
  • Comply with applicable laws at all times
  • Give us reasonable time to investigate and resolve the issue before public disclosure

While we do not currently operate a formal bug bounty program, we genuinely appreciate the efforts of security researchers who help us improve the safety of our platform.

Incident Response & Contact Information

Incident Response

In the event of a suspected or confirmed security incident, we will:

  • Investigate and assess the scope and impact
  • Take immediate steps to contain and mitigate the issue
  • Restore normal operations as quickly as possible
  • Notify affected parties and/or authorities where required by law

We continuously review and refine our incident response procedures to improve our readiness and reaction time.

Contact for Security Matters

For any questions related to this Security Policy or to report a security concern, please contact us:

Email: contact@reydelmercado.com

When contacting us, please do not include sensitive information (such as passwords) unless specifically requested for diagnostic purposes.

For information about how we handle personal data, please refer to our Privacy Policy .

We may update this Security Policy from time to time. Any changes will be posted on this page with an updated effective date.