Get 10% OFF all hosting services when you pay with Monero (XMR). Learn How!

Security Statement

Last updated: January 2026

At Noiz, security and privacy are foundational to everything we do. We go beyond minimum compliance requirements because we believe your data deserves genuine protection, not just checkbox security. This document outlines the technical and organisational measures we have in place to protect your data and our infrastructure.

This statement should be read in conjunction with our Terms of Service, Privacy Policy, and Data Processing Agreement.

1. Physical Security

1.1. Data Centre Location

Our servers are housed in enterprise-grade data centres located in South Africa. These facilities are purpose-built for hosting critical infrastructure and are not situated in flood-prone areas or direct flight paths.

1.2. Surveillance and Access Control

Our data centre facilities employ multiple layers of physical security, including:

  • 24/7 CCTV surveillance monitoring all access points and server areas
  • Biometric access control systems restricting entry to authorised personnel
  • Security personnel on-site around the clock
  • Visitor logging and escort requirements

1.3. Environmental Controls

The facilities include comprehensive environmental protection:

  • Fire detection and suppression systems
  • Climate control to maintain optimal operating temperatures
  • Redundant power supplies with UPS and generator backup
  • Multiple network connectivity providers for resilience

2. Network Security

2.1. Server-Level Protection

All managed servers are protected by Imunify360, a comprehensive security platform that provides:

  • Real-time malware detection and removal
  • Proactive defence against brute-force attacks
  • Web application firewall (WAF) protection
  • Intrusion detection and prevention
  • Reputation-based filtering of malicious traffic

2.2. Firewall Protection

Our infrastructure employs multiple firewall layers:

  • Network-edge firewalls filtering traffic before it reaches servers
  • Server-level firewall rules restricting access to necessary ports and services
  • Rate limiting to protect against denial-of-service attempts
  • Automatic blocking of known malicious IP addresses

3. Monitoring

3.1. Infrastructure Monitoring

Our infrastructure is monitored 24/7 using industry-standard monitoring tools including Uptime Robot and Plesk 360. This enables us to:

  • Detect service disruptions within minutes
  • Monitor server health, resource usage, and performance metrics
  • Receive immediate alerts for critical issues
  • Track historical performance trends

3.2. Security Monitoring

Imunify360 provides continuous security monitoring across all protected servers, logging and alerting on:

  • Malware detections and remediation actions
  • Blocked intrusion attempts
  • Suspicious file modifications
  • Brute-force attack patterns

4. Platform Security

4.1. Server Operating Systems

Our servers run on Linux-based operating systems, primarily Debian and Ubuntu. These are chosen for their:

  • Strong security track record
  • Regular security patch releases
  • Large community support and rapid vulnerability response
  • Minimal attack surface compared to other platforms

4.2. Security Patching

We maintain a proactive approach to security updates:

  • Security advisories are monitored and evaluated regularly
  • Critical security patches are applied promptly
  • Kernel and system updates are scheduled to minimise disruption
  • Control panel software is kept current with security releases

4.3. Control Panel Options

We offer multiple control panel options to suit different needs, including Plesk, cPanel, and ISPConfig. Each provides:

  • Secure authentication with strong password requirements
  • SSL/TLS encryption for all control panel access
  • Granular permission controls
  • Activity logging and audit trails

4.4. Anti-Virus and Malware Protection

Multiple layers of anti-virus protection are deployed across our infrastructure:

  • Imunify360 real-time malware scanning and automatic remediation
  • ClamAV for scheduled file scanning
  • Regular malware signature updates
  • Automatic quarantine of detected threats

4.5. Backups

We implement regular backup procedures to assist with disaster recovery:

  • Automated weekly backups of website files and databases
  • Backup retention for one month
  • Customer self-service restore available through control panel interfaces
  • Customers can configure additional backup destinations for their own retention requirements

Important: Email data is not included in our standard backup procedures. Customers requiring email backup should implement their own solution or download emails to a local client. We strongly recommend all customers maintain their own independent backups of critical data.

5. Email Security

5.1. Anti-Spam Protection

All email services are protected by Warden Anti-Spam, providing:

  • Inbound spam filtering using multiple detection techniques
  • Outbound email scanning to protect sender reputation
  • Greylisting of suspicious senders
  • Real-time blacklist (RBL) checking
  • Bayesian filtering that learns from spam patterns

5.2. Malware Filtering

Email attachments are scanned for malware, and certain high-risk attachment types are blocked by default to protect against common attack vectors.

5.3. Encryption

We support secure email transmission:

  • SSL/TLS encryption for POP3, IMAP, and SMTP connections
  • Opportunistic TLS for server-to-server email delivery where supported
  • Strong password requirements enforced on mailbox creation

6. Password and Authentication Security

6.1. Password Storage

All customer passwords are stored using one-way cryptographic hashing. We cannot retrieve your password—only reset it. Our hashing implementations include:

  • Industry-standard algorithms (bcrypt, SHA-512)
  • Unique salts to prevent rainbow table attacks
  • Multiple hashing rounds to slow brute-force attempts

6.2. Strong Password Requirements

We enforce minimum password complexity requirements across our systems to reduce the risk of credential compromise.

7. Incident Response

7.1. Security Incidents

We have procedures in place to respond quickly and effectively to security incidents. In the event of a confirmed data breach affecting your data, we will notify you in accordance with our obligations under the Protection of Personal Information Act (POPIA) and our Data Processing Agreement.

7.2. Reporting Security Issues

If you discover a security vulnerability or suspect your account has been compromised, please contact us immediately at abuse@noiz.co.za. We take all reports seriously and will investigate promptly.

8. Our Commitment to Privacy

Security and privacy are two sides of the same coin. At Noiz, we believe in privacy as a fundamental right, not just a compliance requirement. This philosophy is reflected in our operational choices:

8.1. Privacy-Respecting Payment Options

We accept Monero (XMR) as a payment method, allowing customers who value financial privacy to transact without exposing personal banking details. This option exists because we respect your right to privacy, not because we have anything to hide.

8.2. Anonymity-Friendly Services

We support .onion domain hosting for customers who require the additional privacy protections offered by the Tor network. We recognise that legitimate privacy needs exist—from journalists and activists to businesses operating in sensitive sectors.

8.3. Minimal Data Collection

We collect only the data necessary to provide our services and comply with legal requirements. We do not sell customer data or engage in unnecessary surveillance of customer activities.

9. Compliance

9.1. Data Protection

We are committed to complying with the Protection of Personal Information Act (POPIA) and, where applicable to our customers, the EU General Data Protection Regulation (GDPR). Our Privacy Policy and Data Processing Agreement detail our data protection practices.

9.2. Industry Standards

We follow the standards and guidelines set out in the ISPA Code of Conduct, committing to responsible and ethical internet service provision.

10. Customer Responsibilities

Security is a shared responsibility. While we protect the hosting infrastructure, customers must take steps to secure their own applications and accounts:

  • Use strong, unique passwords and store them securely
  • Keep software updated—CMS platforms like WordPress, Joomla, and their plugins are common attack vectors when outdated
  • Maintain your own backups of critical data; do not rely solely on host backups
  • Use SSL certificates for websites handling any sensitive data
  • Monitor your accounts for suspicious activity
  • Report security issues promptly to abuse@noiz.co.za

11. Questions

If you have questions about our security practices or require additional information for your own compliance requirements, please contact us at info@noiz.co.za.

Noiz Cybersecurity (Pty) Ltd
Registration Number: 2023/837453/07
6 Shaul Avenue, Libradene, Boksburg, 1459, South Africa
Phone: +27 76 903 4821

WordPress
GNU
Linux
Free Software Foundation
Monero
Tor
Copyright © 2026 Noiz. All Rights Reserved.
Monero accepted here logo