DATA AND INFORMATION SECURITY POLICY
Last updated January 1, 2019
Hidden Image Technology Solutions, LLC a/k/a WebDecoder® ("WebDecoder", "we", "us", or "our") is committed to protecting your Data and Information (as defined hereinafter) and keeping it secure. This Data Security Policy (the "Policy") explains details and policies regarding our Data and Information security.
This Policy applies to all Data and Information collected through our Sites, Apps and/or any related services, sales, marketing or events (we refer to them collectively in this Policy as the "Services").
This Policy refers to all Data and Information that WebDecoder collects from users, customers, vendors, or other parties that provide Data and Information to WebDecoder. WebDecoder employees, contractors, consultants, partners and any other external entity working with WebDecoder and granted access to its Data and Information also must follow this Policy.
2. DATA COLLECTION
WebDecoder collects Data and Information only for lawful purposes. This Data and Information is collected in a transparent way and only with the full cooperation and knowledge of the persons or entities from whom we gather the Data and Information. Once this Data and Information becomes available to us, the following rules apply.
3. DEFINITION OF PROTECTED DATA AND INFORMATION
4. DATA CENTERS AND DATA AND INFORMATION SECURITY
The platforms and databases we use to provide Services is hosted in secure data centers hosted and maintained by Amazon Web Services ("AWS"). Various security technologies, such as firewalls, are used to restrict access to systems from external networks and between systems internally. The databases we maintain are further secured by built in network and application firewalls.
We use the advanced set of access, encryption, logging features and APIs provided by AWS to maintain full control of our content and Data and Information. We implement access control permissions for the services we develop and deploy in the AWS environment. We control the AWS Regions in which the Data and Information is stored as well as the type of storage, redundancy parameters and back-up of our content. We make use of the strong encryption for Data and Information in transit and at rest offered by AWS and manage our encryption keys.
5. APPLICATION AND NETWORK SECURITY
We engage in the following methods to ensure your Data and Information is safe: (i) encrypt Data and Information in transit with 256 bit security keys and secure HTTP access (HTTPS) using TLS/SSL; (ii) hash passwords, so that no one (not even one of our employees) can read them; (iii) restrict and monitor access to our systems and the Data and Information we collect; (iv) limit the number of employees who have access to protected Data and Information; (v) require use of multi factor authentication for employees who have access to protected Data and Information; (vi) build secure networks to protect online Data and Information from cyber attacks; (v) protect against any unauthorized or illegal access by internal or external parties; and (vi) support a disclosure process. If you identify a vulnerability in our site or services, you can report it to firstname.lastname@example.org.
6. DATA PROTECTION
The Data and Information will not be: (i) stored for more than the amount of time specified in our customer contracts or other binding agreements; (ii) transferred to organizations, states, or countries that do not have adequate data protection policies; (iii) referenced publicly or via systems or communication channels not controlled by WebDecoder; (iv) distributed to any parties other than the ones agreed upon by the owner of the Data and Information (exempting legitimate requests from law enforcement authorities).
7. FURTHER OBLIGATIONS
In addition to handling the Data and Information safely, WebDecoder assumes other direct obligations toward the entities to which Data and Information belongs. Specifically, in our contracting with data sources, we inform the entities about: (i) what Data and Information is collected; (ii) how we will process their Data and Information; (iii) who has access to their Data and Information; and (iv) the circumstances under which we allow entities to request that we modify, erase, reduce, or correct Data and Information contained in our databases within legal guidelines specified by our client contracts or other binding agreements, company policies or law enforcement agencies.
8. SUSPECTED SECURITY BREACHES
WebDecoder is committed to protecting its customers, employees, and partners from illegal or damaging actions taken by individuals either knowingly or unknowingly and focuses significant attention on data security and data security breaches. In cases of suspected lost, corrupted, or compromised Data and Information, WebDecoder employees who suspect that a theft, breach, or exposure of protected Data and Information has occurred provide a description of the events involved directly to WebDecoder's Manager. Any other individual who suspects that a theft, breach, or exposure of protected Data and Information has occurred may provide a description of the events involved to WebDecoder by contacting email@example.com. This e mail address is monitored by WebDecoder Operations and will be escalated to the Manager on receipt of a valid report.
WebDecoder's Manager oversees the investigation of all reported thefts, data breaches, and exposures to confirm if a theft, breach, or exposure has occurred. If a theft, breach, or exposure has occurred, WebDecoder will follow the Procedure, as well as such additional commercially reasonable procedures as may be requested by its clients or, if applicable, their customers. As soon as a theft, breach, or exposure containing WebDecoder protected Data and Information is identified, WebDecoder will begin the process of removing all access to that resource.
WebDecoder will work with experts to determine: (i) the types of Data and Information involved; (ii) the internal or external individuals and organizations impacted; (iii) how the theft, breach, or exposure occurred, including analysis of the root cause; and (iv)
WebDecoder will work to communicate the theft, breach, or exposure to those directly affected and internal employees.
9. OPERATIONAL SECURITY AND ENFORCEMENT
At WebDecoder, we believe security is the responsibility of everyone who works for us. We train our employees so they can identify security risks and empower them to take action to prevent bad things from happening. Any WebDecoder personnel found violating any provision of this Policy is subject to disciplinary action, up to and including termination of employment. Our employees have signed confidentiality agreements, and we have the ability to shut off access to information and oversee the return of Data and Information in case of a security breach.
Further, access to our systems and Data and Information is restricted to those who need access to provide support or deliver Services. We sign restrictive agreements with all third parties that work with us and may have access to Data and Information, requiring them to understand and follow the terms of this Policy. WebDecoder may terminate the network connection of any third party partner company or subcontractor found violating any provision of this Policy.
10. UPDATES TO THIS POLICY
We may update this Policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Policy frequently to be informed of how we are protecting your information.
11. CONTACTING US ABOUT THIS POLICY
If you have questions or comments about this policy, you may email us at firstname.lastname@example.org or by U.S. Mail to:
Hidden Image Technology Solutions, LLC.
416 Pirkle Ferry Road
Suite K 500
Cumming, Georgia 30041
United States of America
Attn: Data and Information Security Policy
Clients we have been fortunate to work with