CircleHD Inc. (“CircleHD”) understands the importance of data security and protection and, as such, has implemented this security policy. Amazon Web Services (AWS) and Google Cloud provide storage for our valuable data. We are committed to ensuring that the confidentiality, integrity, and availability of data are protected by following our policies and procedures. We believe that safeguarding our data is critical to maintaining the trust of our customers and stakeholders.
We are committed to implementing appropriate security controls to protect data against unauthorized access, disclosure, or misuse. We ensure data security by encrypting data in transit and at rest, implementing strict access control measures, implementing regular backups, and enforcing strict password requirements. We also restrict access to data based on the need-to-know principle.
The purpose of this policy is to outline the policies and procedures for data security at CircleHD, which stores data on AWS and replicates it to Google Cloud, and to ensure that effective measures are implemented to safeguard the confidentiality, integrity, and availability of data in line with our security commitments.
This policy applies to all employees, contractors, consultants, external vendors, and third-party partners who have access to CircleHD’s data or the company’s IT infrastructure.
All data is encrypted in transit and at rest using industry-standard encryption protocols (AES-256). Encryption keys are managed and stored securely, with access restricted to authorized personnel. This ensures that our data is protected against unauthorized access or disclosure.
We use Google Cloud as a backup for our AWS environment, ensuring high availability of data. We maintain the same level of security controls and measures on Google Cloud as we do on AWS to ensure our data’s consistent protection.
RPO: 1 hour. RTO: 1 hour.
– Access Control: Access to data is restricted to authorized personnel, and access requests are processed following the standard change approval process.
– Data Backup: Data backups are conducted regularly and tested to ensure data integrity.
– Disaster Recovery: The Disaster Recovery Plan is in place for all critical systems and is reviewed annually.
– Incident Response: All security incidents are investigated promptly and reported to the necessary stakeholders.
We comply with all applicable data protection regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other privacy laws.
We provide periodic training and awareness programs to ensure that all employees, contractors, consultants, external vendors, and third-party partners are aware of their roles and responsibilities towards data security.
We execute nondisclosure agreements (NDAs) and assess third-party partners’ security controls regarding data protection before granting access.
Questions or comments about the Application may be directed to us by sending an email to firstname.lastname@example.org