Information Security Policy
Last Revised: January 27, 2019
Simpler App Inc. (“Company”, “we” or “us”) takes information security seriously and has created this Security Policy (“Security Policy”) to disclose its practices in safeguarding personal data processed through our services. We have implemented the below technical and organizational measures to protect the personal data processed by us against loss, unlawful acts, destruction, alteration, unauthorized disclosure or access.
As part of our data protection compliance process, we have prepared this Security Policy to provide you with a summary of the security measures and policies we maintain. We require our partners and employees to comply with these standards and to implement the same security measures when working with us.
THIS SECURITY POLICY OUTLINES THE COMPANY’S CURRENT SECURITY PRACTICES AS OF THE “LAST UPDATED” DATE INDICATED ABOVE. WE WILL KEEP UPDATING THIS POLICY FROM TIME TO TIME, AS REQUIRED BY APPLICABLE LAWS AND OUR INTERNAL POLICIES.
SYSTEM ACCESS CONTROL
Company’s database is accessible only by the designated employees. The personal data processed by Company is stored in Amazon Web Services, which enables access solely through personal user authentication. Access to the database is restricted and is based on procedures to ensure appropriate approvals are provided solely to the extent required. In addition, remote access to the database and wireless computing capabilities are restricted and require safeguards, including VPN protection or a similar security level.
PHYSICAL ACCESS CONTROL
The Company secures any and all physical access to its offices. The Amazon Web Services datacenter is located in the US; for more information, we recommend that you review Amazon’s security policy, available here.
DATA ACCESS CONTROL
All access to a database, system or storage is granted solely through an authorization hierarchy and password protection. Further, access to the personal data is restricted solely to the employees that “need to know” and is protected by passwords and user names. The Company audits any and all access to the database, and any unauthorized access is immediately reported and handled. Further, the Company has entered into applicable and binding data processing agreements with its vendors and customers.
ORGANIZATIONAL AND OPERATIONAL SECURITY
The Company educates its employees and service providers, and raises awareness with regard to any processing of personal data. Internal security testing is done on a regular basis. Company’s IT team ensures security of all hardware and software by installing anti-malware software, including firewalls, on computers to protect against malicious use and malicious software, as well as virus detection on endpoints, etc. It is the responsibility of the individuals across the Company to comply with these practices and standards, which they are bound to by the employment agreement.
The purpose of transfer control is to ensure that personal data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of these data or during their transport or storage. Further, any and all transfers of the data (whether between the servers, from client side to server side, or between Company’s designated partners) are secured. The transfer of personal data is protected by EU-US Privacy Shield.
The Company’s servers include an automated backup procedure. Company has ensured all systems are protected by industry best standards of security systems and measures. Our legal team has ensured our legal documentation is updated to reflect any changes and to include the mandatory provisions required by the applicable data protection laws.
Employees, customers, vendors and applicable processors have all signed binding agreements, all of which include applicable data provisions and data security obligations. Employees are bound to comply with this Security Policy in addition to internal security policies and procedures, and breaking or not complying with such shall result in disciplinary actions. To ensure the employees stay educated and up to date with applicable policies and legislation, the Company holds annual compliance training, which includes data security education.