Security Policy
1. Introduction
This policy outlines Freshline’s commitment to protecting the security of data going through our systems. We understand the critical importance of maintaining robust security measures and responsible data handling practices.
Freshline’s use and collection of personal information is governed by our Privacy Policy.
2. Data Storage and Protection
All data is stored in secure, encrypted databases. We implement industry-standard encryption protocols for data in transit and at rest. Regular backups are performed to prevent data loss.
3. Access Control
We enforce strict access controls based on the principle of least privilege. Multi-factor authentication is required for all internal Freshline resources, and encouraged for your customers. Regular access audits are conducted to ensure compliance.
4. Network Security
Our infrastructure is protected by enterprise-grade firewalls. Regular vulnerability scans and penetration tests are performed. We maintain up-to-date patch management for all systems and applications.
5. Incident Response
We have a comprehensive incident response plan in place. Any security incidents are promptly investigated and addressed. Clients will be notified of any breaches affecting their data in accordance with applicable laws.
6. Employee Training
All employees undergo regular security awareness training. Employees are required to adhere to our internal security policies and procedures.
7. Compliance
We comply with relevant industry standards and regulations (e.g., GDPR, CASL, SOC 2). Regular audits are conducted to ensure ongoing compliance.
This outlines Freshline’s comprehensive approach to managing and mitigating security incidents, ensuring we can swiftly and effectively respond to any emerging threats.
1. Preparation
Our engineering team has established incident response roles. We have continuous monitoring and alerting systems to ensure the health of our systems. Freshline regularly conducts security awareness training for all employees.
2. Identification Process
Our systems regularly monitor for anomalies, potential breaches, and security updates. We have incident classification criteria based on business impact and reach.
3. Containment Strategy
During an incident we limit the impact and isolate affected systems. We record critical evidence, notify relevant stakeholders and update our system status page.
4. Recovery Plan
After identifying and addressing the root cause, we will restore systems as quickly as possible while ensuring additional security measures are implemented. After testing and returning to normal operations, we will notify relevant stakeholders and update our system status page.
5. Post-Mortem Process
We conduct analysis within 2 business days of incident resolution, identifying root causes and addressing any weaknesses within our systems. Any relevant stakeholders will be notified of business-impacting outcomes to future-proof our systems.
Freshline operates a bug bounty program to encourage external security researchers to identify and report vulnerabilities in its systems. The program incentivizes researchers to collaborate with Freshline by offering rewards for valid vulnerabilities discovered and reported.
Found a bug? Contact engineering@freshline.io to report it.
Data destruction can be performed on request and will be accommodated within 5 business days.
After the termination of a customer's account, Freshline retains data for no longer than 30 days. After this period, all data is securely deleted from our systems.
These policies are regularly reviewed and updated. Clients will be notified of any significant changes.
For any questions or concerns, please contact our team at support@freshline.io.
Last updated: 28-10-2024