Effective Date: 20th May, 2023
This Security Policy ("Policy") outlines the measures and guidelines implemented by Zirasales Limited ("we," "us," or "our") to ensure the security of our different software products ("the Service"). By accessing or using the Service, you agree to comply with this Policy. If you do not agree with this Policy, you may not access or use the Service.
Information Security
1.1 Confidentiality
We implement appropriate measures to protect the confidentiality of user data and any sensitive information processed or stored within the Service. Access to such information is restricted to authorized personnel only.
1.2 Data Encryption
We use industry-standard encryption techniques to protect data transmission and storage. This includes the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) encryption protocols for secure communication between users and the Service.
1.3 Access Controls
Access to the Service is granted based on the principle of least privilege. User access is restricted to only the functionalities and data necessary for their roles. Strong authentication mechanisms, such as passwords or multi-factor authentication, are employed to ensure authorized access.
1.4 Data Backups
We regularly backup user data to prevent loss and facilitate disaster recovery. These backups are securely stored and accessible only to authorized personnel.
Infrastructure Security
2.1 System Monitoring
We employ monitoring tools and techniques to detect and respond to security incidents promptly. This includes monitoring system logs, network traffic, and application behavior for signs of unauthorized activities.
2.2 Vulnerability Management
We conduct regular vulnerability assessments and penetration tests to identify and remediate security vulnerabilities in the Service. Patch management processes are in place to apply security updates and fixes promptly.
2.3 Incident Response
We have an incident response plan in place to address security incidents effectively. This includes procedures for reporting, investigating, containing, and mitigating security breaches or unauthorized access.
Physical Security
3.1 Data Centers
We utilize secure data centers or cloud service providers that implement physical security measures, such as access controls, surveillance, and environmental controls, to protect the infrastructure hosting the Service.
Employee Security
4.1 Security Awareness Training
We provide regular security awareness training to our employees to educate them about security best practices, their responsibilities, and the potential risks associated with their roles.
4.2 Confidentiality Agreements
All employees are required to sign confidentiality agreements, which outline their obligations to protect the confidentiality of user data and sensitive information.
Third-Party Security
5.1 Vendor Management
We evaluate the security practices of third-party vendors and service providers who have access to user data or are involved in the delivery of the Service. We ensure they have appropriate security controls in place to protect user information.
Compliance
We adhere to applicable laws and regulations regarding data protection and privacy, including but not limited to the General Data Protection Regulation (GDPR). We continuously monitor and update our practices to maintain compliance with relevant security standards.
Changes to the Policy
We reserve the right to modify or update this Policy at any time without prior notice. It is your responsibility to review this Policy periodically for any changes. Your continued use of the Service after the modifications constitutes your acceptance of the revised Policy.
Contact Us
If you have any questions, concerns, or inquiries regarding this Security Policy or the security practices of our Service, please contact us at legal@zirasales.com