Security Policy

The Korea Entertainment Media is committed to maintaining the security of our platform, protecting the personal information of our users, and safeguarding the intellectual property of our photographers.

• Confidentiality: Information is accessible only to authorized individuals
• Integrity: Information is protected from unauthorized modification or destruction
• Availability: Legitimate users can access the Service reliably

• Encryption in Transit: All browser-to-server traffic uses TLS 1.2 or higher
• Encryption at Rest: Sensitive stored data is protected with strong encryption controls
• Payment Security: Payment processing is handled by Polar and other authorized processors; TenAsia does not store card numbers or sensitive authentication data
• Access Controls: Role-based access and least-privilege rules restrict production access
• Vulnerability Management: Regular assessments and dependency audits are performed
• Multi-Factor Authentication: MFA is required for internal administrative access
• Secure Storage: Image files are stored on Cloudflare R2 behind server-side proxy access

• Least Privilege: Team members receive only the access required for their work
• Security Training: Personnel receive recurring training on phishing, social engineering, and data handling
• Vendor Assessment: Service providers are evaluated for security fit before integration
• Incident Response Plan: A formal response process is maintained and tested periodically

We employ multiple layers of technical protection to prevent unauthorized reproduction and distribution of our photography:

• Visible Watermark: Preview images carry a "TENASIA" watermark
• Metadata Embedding: Images contain EXIF and IPTC copyright metadata
• Forensic Tracking: Downloaded originals may include forensic markers
• Server-Side Proxying: High-resolution files are served through authenticated server routes
• Browser Protections: Common save shortcuts and right-click actions are restricted on previews
• Automated Monitoring: We monitor for unauthorized reuse of our imagery

In the event of a security incident that affects the confidentiality or integrity of personal data, TenAsia will:

1. Contain the incident and assess its scope as quickly as possible
2. Notify affected users and, where required, supervisory authorities within applicable deadlines
3. Investigate the root cause and implement corrective measures
4. Provide ongoing updates to affected parties as the investigation progresses

This process is designed to align with applicable laws including Korea's Personal Information Protection Act (PIPA) and relevant international privacy frameworks.

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue in our platform, please report it to us before disclosing it publicly so we can investigate and address it promptly.

Please include a clear description of the vulnerability, steps to reproduce, and the potential impact. We will acknowledge your report within 48 hours and keep you informed of our progress.

Security reports: tenasia.trend@gmail.com