Data Security Policy
Last Updated: 8/15/2023
This Data Security Policy outlines the security measures and practices implemented by Keep The Fees for our Software-as-a-Service (SaaS) platform. We are committed to ensuring the security and protection of customer data and have implemented a range of technical and organizational measures to safeguard against unauthorized access, data breaches, and other security threats.
Data Handling and Storage
- Secure Azure Infrastructure: Our SaaS platform is hosted on Microsoft Azure, a leading cloud provider known for its robust security measures and compliance certifications. Azure’s security infrastructure provides multiple layers of protection, including network security, data encryption, and identity and access management.
- Database Security: All databases containing customer data are configured with strict firewall rules, allowing access only from authorized and authenticated sources. Data at rest within the databases is encrypted to prevent unauthorized access in case of a breach.
- Data Classification: We classify data based on sensitivity and access requirements. Access controls and permissions are enforced based on the classification of data, ensuring that only authorized personnel have access to specific data sets.
- Data Retention: Customer data is retained only for the duration necessary to fulfill the purposes for which it was collected. Once data is no longer required, it is securely deleted from our systems.
- Role-Based Access: Access to the SaaS platform and its underlying infrastructure is granted on a need-to-know basis. Users are assigned roles and permissions that align with their responsibilities, and access requests are regularly reviewed and updated.
- Multi-Factor Authentication (MFA): MFA is enforced for accessing the backend platform and management consoles. This additional layer of security ensures that only authorized personnel can access sensitive systems.
- Firewall Protection: In addition to the Azure firewall, our platform employs firewalls at multiple layers to prevent unauthorized access, including application-level firewalls to protect against common web vulnerabilities.
- Encryption: Data transmitted between clients and our platform is encrypted using industry-standard protocols (e.g., HTTPS) to prevent interception and tampering.
- Intrusion Detection and Prevention: We utilize intrusion detection and advanced application logging techniques to continuously monitor platform activity for signs of suspicious or unauthorized activity.
Compliance and Auditing
- Regulatory Compliance: We are committed to complying with relevant data protection regulations, including but not limited to GDPR, HIPAA, and others that apply to our customers’ industries and locations.
- Security Audits: Regular security assessments and audits are conducted to evaluate the effectiveness of our security measures, identify vulnerabilities, and implement necessary improvements.
Employee Training and Awareness
- Security Training: All employees undergo comprehensive security training to ensure they understand security best practices, data handling procedures, and their roles in maintaining a secure environment.
- Incident Response: Employees are trained in incident response procedures to effectively detect, report, and mitigate security incidents in a timely manner.
At Keep The Fees, data security is a top priority. We are dedicated to maintaining a secure environment for our SaaS platform and customer data. Our security practices are continuously reviewed and updated to adapt to emerging threats and industry best practices.
For any questions or concerns related to our data security practices, please contact our team at firstname.lastname@example.org