1. Scope of Policy
This policy applies to all data collected, processed, and stored by Veranduo, including:
User account information (e.g., name, email address).
Business data from operations (e.g., sales, offers).
Any other data you provide while using our platform.
2. Security Measures
a. Encryption
All data transmitted between your device and our servers is encrypted using SSL/TLS protocols.
Sensitive data stored on our servers is encrypted using industry-standard algorithms.
b. Access Control
Access to user data is restricted to authorized personnel only, based on the principle of least privilege.
Multi-factor authentication (MFA) is implemented for internal systems to enhance access security.
c. Network Security
Our systems are protected by firewalls, intrusion detection systems, and continuous monitoring to detect and prevent unauthorized access.
We perform regular vulnerability assessments and penetration testing to identify and address potential threats.
d. Data Segmentation
User data is logically segmented to prevent unauthorized access between accounts.
3. Data Retention and Disposal
We retain your data only for as long as necessary to provide our services or comply with legal obligations.
When data is no longer needed, it is securely deleted or anonymized using approved methods.
4. Incident Response
In the event of a data breach or security incident, we have a robust incident response plan to:
Contain and mitigate the impact of the incident.
Notify affected users and relevant authorities as required by applicable laws.
Conduct a thorough investigation to prevent future incidents.
5. User Responsibilities
While we implement strong security measures, users also play a vital role in protecting their data. We recommend:
Using strong, unique passwords for your Veranduo account.
Enabling two-factor authentication (if available).
Keeping your login credentials confidential.
6. Compliance with Standards
Veranduo adheres to industry best practices and regulatory requirements for data security, including:
GDPR (General Data Protection Regulation) for users in the EU.
CCPA (California Consumer Privacy Act) for users in California.
Other relevant data protection laws based on user locations.
7. Regular Audits and Updates
We perform regular audits of our security systems and practices to ensure compliance with evolving standards.
This policy will be reviewed and updated periodically to reflect changes in technology, threats, or regulatory requirements.
8. Third-Party Security
We vet all third-party service providers to ensure they meet stringent security standards.
Data shared with third-party providers (e.g., for hosting, analytics) is protected through encryption and strict contractual agreements.
