Data Security Policy

We employ multiple layers of security to protect your data:

• Encryption: All data in transit is encrypted using TLS 1.3, and data at rest is encrypted using AES-256 encryption
• Access Controls: Role-based access controls ensure that only authorized personnel can access sensitive data
• Network Security: Firewalls, intrusion detection systems, and regular security audits protect our network infrastructure
• Secure Infrastructure: Our servers are hosted in SOC 2 Type II certified data centers with 24/7 monitoring
• Regular Updates: All systems are regularly updated with the latest security patches

We comply with international data protection standards:

• GDPR: Full compliance with the General Data Protection Regulation
• CCPA: Compliance with the California Consumer Privacy Act
• SOC 2: Annual SOC 2 Type II audits
• ISO 27001: Information security management system certification
• Regular Audits: Third-party security audits and penetration testing

Our data handling procedures include:

• Data minimization - we only collect data that is necessary for our services
• Purpose limitation - data is used only for specified, legitimate purposes
• Data retention - we retain data only as long as necessary and in accordance with legal requirements
• Secure deletion - data is securely deleted when no longer needed
• Regular backups - automated backups ensure data availability and recovery

In the event of a security incident, we have established procedures:

• Immediate containment of the incident
• Assessment of the scope and impact
• Notification to affected parties as required by law
• Remediation and prevention measures
• Post-incident review and improvement

While we implement strong security measures, you also play a role in protecting your data:

• Use strong, unique passwords for your accounts
• Enable two-factor authentication when available
• Keep your software and devices updated
• Be cautious of phishing attempts
• Report any suspicious activity immediately