Security Policy
Effective Date: December 23, 2024
Purpose
The purpose of this Security Policy is to establish the guidelines and practices that ensure the confidentiality, integrity, and availability of data processed, stored, and transmitted by the Smarter Form platform owned by Outsouth Technologies Limited (the “Company”). This policy aligns with industry best practices, legal requirements, and regulatory standards to protect users and their data.
Scope
This policy applies to all employees, contractors, service providers, partners, and users of the Smarter Form platform, including any systems, networks, and applications used to manage and process information.
Policy Guidelines
Data Protection
- Encryption:
All data, both at rest and in transit, must be encrypted using strong encryption protocols (e.g., AES-256 for data at rest, TLS 1.2 or higher for data in transit).
- Access Controls:
Access to user data is restricted to authorized personnel based on the principle of least privilege (PoLP). Multi-factor authentication (MFA) is required for all administrative access.
Secure Development
- Code Reviews:
All code changes are subject to peer review and automated security testing to identify and mitigate vulnerabilities.
- OWASP Compliance:
Development follows the OWASP Top 10 security guidelines to mitigate risks such as SQL injection, XSS, and other common threats.
Data Retention
- Retention Period:
Data processed through Smarter Form, including forms submitted by users, is retained for a maximum period of ninety (90) days.
- Data Deletion:
After the retention period expires, the data is permanently deleted from all systems and cannot be recovered.
This data retention practice ensures compliance with privacy standards while maintaining the integrity and security of user data.
Incident Response
- Monitoring:
Continuous monitoring of the platform’s infrastructure is conducted to detect and respond to potential security incidents.
- Incident Management Plan:
A formal incident response plan is maintained to ensure timely identification, containment, eradication, and recovery from security incidents.
Third-Party Provider
- Assessment:
While the Company is not directly responsible for how data is stored or processed by its third-party providers, it takes measures to engage reputable providers who are SOC 2 certified and ISO/IEC 27001 compliant and who comply with GDPR, CCPA, HIPAA, and other relevant data protection regulations.
- Service:
Third-party providers include companies or individuals engaged by the Company to facilitate the Service as outlined in our Privacy Policy, deliver the Service on the Company’s behalf, perform activities related to the Service, or assist in analyzing the Service’s usage, performance, or effectiveness.
Backup and Recovery
- Data Backups:
Regular backups of critical data are performed and stored securely, with periodic testing to ensure recoverability.
- Disaster Recovery:
A disaster recovery plan is in place to restore operations with minimal downtime in the event of a major incident.
Compliance
- Legal and Regulatory Adherence:
Smarter Form complies with applicable laws and regulations, such as GDPR, CCPA, and HIPAA, depending on the jurisdictions and industries served.
- Audit:
Regular audits are conducted to ensure compliance with this security policy and related standards.
Continuous Improvement
- Vulnerability Management:
Regular vulnerability assessments and penetration testing are conducted to identify and address potential weaknesses.
- Feedback Loop:
Security practices are updated based on lessons learned from incidents, user feedback, and advancements in security technology.
Responsibilities
- Management:
Ensure that adequate resources are allocated to implement and maintain security measures.
- Employees and Contractors:
Adhere to the security guidelines and report potential vulnerabilities or incidents promptly.
- Users:
Adhere to standard data security best practices to safeguard your accounts and data on the platform. These include creating strong, unique passwords, keeping passwords confidential, avoiding staying logged in on unauthorized or public computers/devices, and being vigilant against phishing attempts.
Enforcement
Non-compliance with this policy may result in disciplinary actions, including termination of access or contractual agreements. Legal actions may also be pursued if negligence leads to data breaches or harm.
Review and Updates
This Security Policy is reviewed annually or whenever significant changes occur in the platform’s infrastructure, regulations, or threat landscape.