Account Security Policy

Effective Date: July 30, 2025

At KingFlyZone, safeguarding your account is our top priority. This document outlines how we protect your information and how you can help keep your account secure.

1. Secure Login Practices

• Use a strong password of at least 8 characters, including letters, numbers, and symbols.
• Avoid reusing passwords from other websites or services.
• Update your password regularly (every 90 days recommended).

2. Two‑Factor Authentication (2FA)

We offer optional but highly recommended two-factor authentication using:

• SMS verification via +92‑308‑495‑0422
• Authenticator apps (e.g. Google Authenticator)

3. Password Recovery

1. Go to the login page and click “Forgot Password”
2. Enter your email to receive a reset link
3. Reset link is valid for 10 minutes

4. Suspicious Activity Alerts

If we detect any unusual login or booking behavior, we will alert you immediately via:

• Email
• SMS to +92‑308‑495‑0422

5. Session Management

• Active sessions expire after 30 minutes of inactivity.
• You can manually log out from all devices via your account settings.

6. Secure Data Storage

• Passwords are stored using bcrypt hashing.
• Credentials are never stored in plain text.
• Data is transmitted over encrypted channels (SSL/TLS).

7. Account Lockout Policy

• After 5 failed login attempts, your account will be locked for 15 minutes.
• To unlock, verify via email or SMS to +92‑308‑495‑0422

8. Notifications and Security Logs

All login attempts and critical actions (e.g., password changes) are logged. You can review your security activity under “Account > Security.”

9. Email Security Tips

• Beware of phishing emails. KingFlyZone will never ask for your password via email.
• Verify domain names (e.g., @kingflyzone.com)
• Contact support if you receive suspicious messages

10. Protecting Mobile Devices

• Keep your mobile app updated.
• Enable biometrics or passcode lock on your device.
• Avoid connecting via public Wi‑Fi for booking or payment.

11. Recovery Contact Information

If you need help recovering access to your account or resetting security settings:

• Email: security@kingflyzone.com
• Phone/WhatsApp: +92‑308‑495‑0422

12. Responsibility of Users

You are responsible for:

• Keeping your login credentials confidential
• Logging out when using shared devices
• Reporting suspicious activity immediately

13. Social Login Providers

If you use social login (e.g., Facebook, Google), you accept their security practices. However, you must ensure your social accounts are also secured.

14. Account Deactivation

• You may deactivate your account from settings at any time.
• After deactivation, access to your booking history is disabled.
• You can reactivate within 60 days or request permanent deletion.

15. Data Breach Protocol

In the unlikely event of a breach, affected users will be contacted immediately at their registered email or via SMS to +92‑308‑495‑0422.

16. Regular Audits

We conduct routine security assessments, external audits, and penetration tests to maintain high security standards.

17. Compliance

• We follow ISO 27001 security frameworks and regional data protection laws.
• All staff and contractors are required to follow strict access control policies.

18. Policy Updates

This Account Security Policy may change over time. Updates will be posted here with a revised date.

19. Final Acknowledgment

By continuing to use KingFlyZone, you agree to this Account Security Policy and commit to keeping your account secure.