DATA AND INFORMATION SECURITY
POLICY
Last updated January 1, 2021
Hidden Image Technology Solutions, LLC a/k/a WebDecoder® ("WebDecoder", "we", "us", or "our") is
committed to protecting your Data and Information (as defined hereinafter) and keeping it secure. This
Data Security Policy (the "Policy") explains details and policies regarding our Data and Information
security.
When our clients and their customers visit our web domains https://dcrypto.com or
https://webdecoder.com or any subdomains thereof (collectively, our "Sites") or mobile or web-based
applications (our "Apps") and use our services, they trust us with their Data and Information.
WebDecoder takes privacy very seriously and provides services in accordance with our privacy policy ("Privacy Policy").
This Policy applies to all Data and Information collected through our Sites, Apps and/or any related
services, sales, marketing or events (we refer to them collectively in this Policy as the "Services").
1. SCOPE
This Policy refers to all Data and Information that WebDecoder collects from users, customers,
vendors, or other parties that provide Data and Information to WebDecoder. WebDecoder employees,
contractors, consultants, partners and any other external entity working with WebDecoder and granted
access to its Data and Information also must follow this Policy.
2. DATA COLLECTION
WebDecoder collects Data and Information only for lawful purposes. This Data and Information is
collected in a transparent way and only with the full cooperation and knowledge of the persons or
entities from whom we gather the Data and Information. Once this Data and Information becomes available
to us, the following rules apply.
3. DEFINITION OF PROTECTED DATA AND INFORMATION
The Data and Information that we collect from interactions with you or your customers depends on the
context of the interactions in connection with our Sites, Apps or Services, the choices they make and
the products and features they use. The Data and Information we collect (the "Data and Information")
includes, without limitation, the following: (i) information disclosed to us, such as first and last
name, email address, postal address, phone numbers and other contact information; (ii) information
voluntarily provided to us when expressing an interest in obtaining information when participating in
activities on the Services or Apps or otherwise contacting us; (iii) single sign-on information
providing social media account details (see our Privacy Policy for more details); (iv) some information
– such as IP address and/or browser and device characteristics – that is collected automatically through
our Services or Apps, as well as other information collected automatically when you visiting, using or
navigating our Services or Apps (while this information does not reveal specific identity, like name or
contact information, it may include device and usage information, such as IP address, browser and device
characteristics, operating system, language preferences, referring URLs, device name, country, location,
information about how and when Services or Apps are used and other technical information; and (v)
information collected through cookies and similar technologies.
4. DATA CENTERS AND DATA AND INFORMATION SECURITY
The platforms and databases we use to provide Services is hosted in secure data centers hosted and
maintained by Amazon Web Services ("AWS"). Various security technologies, such as firewalls, are used to
restrict access to systems from external networks and between systems internally. The databases we
maintain are further secured by built in network and application firewalls.
We use the advanced set of access, encryption, logging features and APIs provided by AWS to maintain
full control of our content and Data and Information. We implement access control permissions for the
services we develop and deploy in the AWS environment. We control the AWS Regions in which the Data and
Information is stored as well as the type of storage, redundancy parameters and back-up of our content.
We make use of the strong encryption for Data and Information in transit and at rest offered by AWS and
manage our encryption keys.
5. APPLICATION AND NETWORK SECURITY
We engage in the following methods to ensure your Data and Information is safe: (i) encrypt Data and
Information in transit with 256 bit security keys and secure HTTP access (HTTPS) using TLS/SSL; (ii)
hash passwords, so that no one (not even one of our employees) can read them; (iii) restrict and monitor
access to our systems and the Data and Information we collect; (iv) limit the number of employees who
have access to protected Data and Information; (v) require use of multi factor authentication for
employees who have access to protected Data and Information; (vi) build secure networks to protect
online Data and Information from cyber attacks; (v) protect against any unauthorized or illegal access
by internal or external parties; and (vi) support a disclosure process. If you identify a vulnerability
in our site or services, you can report it to info@webdecoder.com.
6. DATA PROTECTION
The Data and Information will not be: (i) stored for more than the amount of time specified in our
customer contracts or other binding agreements; (ii) transferred to organizations, states, or countries
that do not have adequate data protection policies; (iii) referenced publicly or via systems or
communication channels not controlled by WebDecoder; (iv) distributed to any parties other than the ones
agreed upon by the owner of the Data and Information (exempting legitimate requests from law enforcement
authorities).
7. FURTHER OBLIGATIONS
In addition to handling the Data and Information safely, WebDecoder assumes other direct obligations
toward the entities to which Data and Information belongs. Specifically, in our contracting with data
sources, we inform the entities about: (i) what Data and Information is collected; (ii) how we will
process their Data and Information; (iii) who has access to their Data and Information; and (iv) the
circumstances under which we allow entities to request that we modify, erase, reduce, or correct Data
and Information contained in our databases within legal guidelines specified by our client contracts or
other binding agreements, company policies or law enforcement agencies.
8. SUSPECTED SECURITY BREACHES
WebDecoder is committed to protecting its customers, employees, and partners from illegal or damaging
actions taken by individuals either knowingly or unknowingly and focuses significant attention on data
security and data security breaches. In cases of suspected lost, corrupted, or compromised Data and
Information, WebDecoder employees who suspect that a theft, breach, or exposure of protected Data and
Information has occurred provide a description of the events involved directly to WebDecoder's Manager.
Any other individual who suspects that a theft, breach, or exposure of protected Data and Information
has occurred may provide a description of the events involved to WebDecoder by contacting
info@webdecoder.com. This e mail address is monitored by WebDecoder Operations and will be escalated to
the Manager on receipt of a valid report.
WebDecoder's Manager oversees the investigation of all reported thefts, data breaches, and exposures
to confirm if a theft, breach, or exposure has occurred. If a theft, breach, or exposure has occurred,
WebDecoder will follow the Procedure, as well as such additional commercially reasonable procedures as
may be requested by its clients or, if applicable, their customers. As soon as a theft, breach, or
exposure containing WebDecoder protected Data and Information is identified, WebDecoder will begin the
process of removing all access to that resource.
WebDecoder will work with experts to determine: (i) the types of Data and Information involved; (ii) the
internal or external individuals and organizations impacted; (iii) how the theft, breach, or exposure
occurred, including analysis of the root cause; and (iv)
WebDecoder will work to communicate the theft, breach, or exposure to those directly affected and
internal employees.
9. OPERATIONAL SECURITY AND ENFORCEMENT
At WebDecoder, we believe security is the responsibility of everyone who works for us. We train our
employees so they can identify security risks and empower them to take action to prevent bad things from
happening. Any WebDecoder personnel found violating any provision of this Policy is subject to
disciplinary action, up to and including termination of employment. Our employees have signed
confidentiality agreements, and we have the ability to shut off access to information and oversee the
return of Data and Information in case of a security breach.
Further, access to our systems and Data and Information is restricted to those who need access to
provide support or deliver Services. We sign restrictive agreements with all third parties that work
with us and may have access to Data and Information, requiring them to understand and follow the terms
of this Policy. WebDecoder may terminate the network connection of any third party partner company or
subcontractor found violating any provision of this Policy.
10. UPDATES TO THIS POLICY
We may update this Policy from time to time. The updated version will be indicated by an updated
"Revised" date and the updated version will be effective as soon as it is accessible. If we make
material changes to this Policy, we may notify you either by prominently posting a notice of such
changes or by directly sending you a notification. We encourage you to review this Policy frequently to
be informed of how we are protecting your information.
11. CONTACTING US ABOUT THIS POLICY
If you have questions or comments about this policy, you may email us at info@webdecoder.com or by
U.S. Mail to:
Hidden Image Technology Solutions, LLC.
416 Pirkle Ferry Road
Suite K 500
Cumming, Georgia 30041
United States of America
Attn: Data and Information Security Policy