Effective Date: February 28, 2026.
1. Purpose
This Data Protection & Security Policy outlines the technical, administrative, and organizational safeguards implemented to protect personal data collected through NaumanHanif.com (“Website”) and its associated infrastructure, including the Nexus Newsletter System.
This Policy supplements the Privacy Policy and Terms & Conditions.
2. Scope
This Policy applies to:
- Personal data submitted via Website forms
- Newsletter subscriber data
- Contact and collaboration submissions
- Uploaded files
- Blog contributor information
- Administrative access systems
3. Hosting & Infrastructure
The Website and associated databases are hosted on a Virtual Private Server (VPS) located in Los Angeles, United States.
Infrastructure safeguards include:
- Secure server configuration
- Restricted administrative access
- Controlled database permissions
- Regular system monitoring
- HTTPS encryption across the Website
Data may be processed and stored within the United States.
4. Data Processing Architecture
Form submissions from:
- Newsletter Form
- Contact Form
- Collaboration Form
are processed through a self-hosted system:
Nexus Newsletter System (nexus2.naumanhanif.com)
This system:
- Is privately operated
- Is not a third-party marketing SaaS
- Is secured with Two-Factor Authentication (2FA)
- Operates under its own internal compliance framework
5. Access Control & Authorization
Access to collected data is strictly limited.
5.1 Owner Access
The Website Owner maintains full administrative control.
5.2 Assistant Access
Assistants may be granted limited access strictly for operational support purposes.
Assistants:
- Do not have unrestricted administrative privileges
- Must operate under confidentiality expectations
- Are not authorized to export, sell, or misuse data
Access rights are granted on a role-based principle and may be revoked at any time.
6. Technical Security Measures
We implement reasonable and appropriate technical safeguards including:
- SSL/TLS encryption (HTTPS)
- Secure database configuration
- Password-protected admin access
- Two-Factor Authentication (2FA) for backend systems
- Firewall-level protections
- Secure server environment
- Regular patching and updates
While commercially reasonable measures are taken, no system is immune from risk.
7. Organizational Safeguards
Administrative measures include:
- Controlled access to login credentials
- Separation of public and administrative systems
- Review of uploaded files
- Monitoring of unusual access patterns
Only necessary personnel have access to personal data.
8. File Upload Security
Files uploaded through the Collaboration Form:
- Are stored in controlled directories
- Are subject to review
- Must not contain malicious code
- May be deleted if deemed unsafe
Submission of files does not guarantee permanent storage.
9. Data Minimization
We collect only information necessary for:
- Communication
- Collaboration evaluation
- Newsletter distribution
- Academic engagement
We do not intentionally collect excessive or irrelevant personal data.
10. Data Retention & Deletion
Personal data is retained:
- For as long as required to fulfill communication purposes
- Until a user unsubscribes
- Until deletion is requested
- As required by law
Data may be securely deleted or anonymized when no longer required.
11. Incident Response
In the event of a suspected data breach:
- Access logs will be reviewed
- Unauthorized access will be restricted
- Affected systems will be secured
- Appropriate corrective measures will be implemented
Where legally required, affected individuals may be notified in accordance with applicable laws.
12. Third-Party Services
We may use limited third-party services such as:
- Google Analytics
We do not sell personal data to third parties.
Third-party services operate under their own privacy policies.
13. International Data Transfers
Because the Website is hosted in the United States:
Personal data submitted from other countries may be transferred and processed in the United States.
By submitting information, users consent to this transfer.
14. Data Subject Rights
Depending on jurisdiction, individuals may request:
- Access to their personal data
- Correction of inaccurate data
- Deletion of personal data
- Restriction of processing
- Withdrawal of consent
Requests may be submitted through the contact information provided in the Privacy Policy.
15. Limitation of Security Guarantee
While reasonable technical and organizational measures are implemented:
- No system is 100% secure
- Internet transmission carries inherent risks
- We cannot guarantee absolute security
Use of the Website constitutes acceptance of these inherent risks.
16. Continuous Improvement
Security practices are periodically reviewed and may be enhanced to:
- Address emerging threats
- Improve operational resilience
- Maintain best-practice standards
17. Contact Information
For data protection inquiries: