At TeedUp Inc. ("TeedUp," "we," "us," or "our"), the security of our customers' data is of utmost importance. We are committed to protecting the integrity, confidentiality, and availability of all data we handle. This Security Policy outlines our approach to maintaining a secure environment and the measures we take to safeguard information. This policy applies to all employees, contractors, and third-party service providers who have access to our systems and data.
1. Security Governance
Responsibilities:
Chief Information Security Officer (CISO): Oversees the implementation and enforcement of security policies.
Security Team: Responsible for monitoring, auditing, and enhancing security measures.
All Employees: Must adhere to the security policies and report any security incidents.
2. Data Protection
Data Encryption:
In Transit: All data transmitted over networks is encrypted using TLS (Transport Layer Security).
At Rest: Sensitive data stored on our servers is encrypted using industry-standard encryption algorithms.
Access Control:
Authentication: Multi-factor authentication (MFA) is required for access to critical systems.
Authorization: Role-based access control (RBAC) ensures that users have the minimum level of access necessary to perform their duties.
Auditing: Access logs are maintained and regularly reviewed to detect and respond to unauthorized access.
3. Network Security
Firewalls and Intrusion Detection:
Firewalls are deployed to protect our network from unauthorized access.
Intrusion detection and prevention systems (IDPS) monitor network traffic for suspicious activity.
Secure Configuration:
All systems are configured according to industry best practices and regularly updated to mitigate vulnerabilities.
Network segmentation is implemented to limit the spread of potential breaches.
4. Incident Response
Incident Management:
An incident response plan is in place to handle security incidents promptly and effectively.
Incidents are classified, investigated, and resolved according to their severity.
Post-incident reviews are conducted to improve our security posture.
Notification:
Affected parties are promptly notified of any data breaches that may compromise their personal information, in compliance with legal requirements.
5. Employee Training
Security Awareness:
All employees undergo regular security awareness training to recognize and prevent security threats.
Phishing simulations and other exercises are conducted to test and reinforce security awareness.
Policy Compliance:
Employees are required to read, understand, and acknowledge our security policies.
Regular assessments are conducted to ensure compliance with security policies.
6. Physical Security
Access Control:
Physical access to our data centers and offices is restricted to authorized personnel only.
Security measures include key card access, surveillance cameras, and security personnel.
Environmental Controls:
Data centers are equipped with environmental controls such as fire suppression systems and temperature monitoring to protect hardware.
7. Vendor Management
Third-Party Security:
Third-party service providers are assessed for their security practices before engagement.
Contracts with third parties include security requirements to ensure compliance with our security standards.
Ongoing Monitoring:
Regular audits and assessments of third-party service providers are conducted to ensure continued compliance.
8. Compliance
Regulatory Compliance:
Our security practices comply with relevant regulations and standards, including GDPR, CCPA, SOC 2, and ISO 27001.
Regular audits are conducted to verify compliance with these standards.
Documentation:
Comprehensive documentation of our security policies, procedures, and controls is maintained and regularly updated.
9. Continuous Improvement
Risk Management:
Regular risk assessments are conducted to identify and mitigate potential security threats.
Security measures are continuously evaluated and improved based on emerging threats and best practices.
Security Testing:
Regular penetration testing and vulnerability assessments are conducted to identify and address security weaknesses.
If you have any questions about this Security Policy, please contact us at legal@teedup.ai.
By using our Services, you agree to the terms of this Security Policy.