Security Policy

Our Commitment to Security

At King City Montessori School, we take the security and privacy of our website visitors, parents, and students very seriously. We have implemented industry-standard security measures to protect your data and ensure a safe browsing experience.

Security Measures

Our website implements the following security measures:

• HTTPS Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Content Security Policy (CSP): Prevents cross-site scripting (XSS) and other code injection attacks
• HTTP Strict Transport Security (HSTS): Forces secure HTTPS connections
• Clickjacking Protection: Prevents our site from being embedded in malicious iframes
• XSS Protection: Browser-level protection against reflected XSS attacks
• Input Validation: All user inputs are validated and sanitized to prevent injection attacks
• Secure Cookie Management: Cookies are set with Secure and SameSite flags
• Regular Security Audits: We regularly review and update our security practices

Responsible Disclosure

If you discover a security vulnerability in our website, we appreciate your responsible disclosure. Please report it to us following these guidelines:

• Email us at info@kingcitymontessori.com
• Provide detailed information about the vulnerability
• Allow us reasonable time to address the issue before public disclosure
• Do not exploit the vulnerability beyond what is necessary to demonstrate it

Safe Harbor

We will not pursue legal action against security researchers who:

• Make a good faith effort to avoid privacy violations and service disruptions
• Report vulnerabilities to us before public disclosure
• Do not exploit vulnerabilities beyond demonstration purposes
• Provide us with reasonable time to address the issue

Data Protection

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. For more information, please see our Privacy Policy.

Security Response Timeline

When a security issue is reported to us, we follow this timeline:

• Within 48 hours: Initial acknowledgment of the report
• Within 7 days: Initial assessment and triage
• Within 30 days: Resolution or detailed action plan
• After resolution: Public acknowledgment (if researcher agrees)

Third-Party Services

While we maintain high security standards for our website, we also use reputable third-party services (such as Google Fonts and analytics). These services have their own security policies and practices.

Updates to This Policy

We may update this security policy from time to time to reflect changes in our practices or security landscape. We will post any updates on this page with the revision date.

Last Updated: February 23, 2026

Contact Information

For security-related inquiries, please contact:

Email:info@kingcitymontessori.com
General Contact:info@kingcitymontessori.com
Phone: (905) 833-2971