Security Policy

1. Security Commitment

At Service, we implement rigorous technical, administrative, and physical safeguards to protect your data. Our security framework adheres to global standards to prevent unauthorized access, disclosure, modification, or destruction of information.

2. Data Encryption

• 256-bit TLS encryption for all data in transit
• AES-256 encryption for data at rest
• End-to-end encryption available for premium accounts

3. Access Controls

We enforce strict role-based access controls and require multi-factor authentication (MFA) for all administrative actions. Employee access is limited to job requirements and subject to regular audits.

4. Security Audits

• Quarterly third-party penetration testing
• Annual SOC 2 Type II audits
• Continuous vulnerability scanning using automated tools

5. Incident Response

Our 24/7 Security Operations Center (SOC) monitors threats continuously. In case of a breach, we follow a formal incident response plan including:

• Immediate containment and investigation
• Notification to affected users within 72 hours
• Free credit monitoring for 12 months for affected accounts

6. Compliance

We maintain compliance with:

• ISO/IEC 27001 Information Security Management
• GDPR for EU data protection
• CIS Critical Security Controls

7. User Responsibilities

• Enable MFA for your account
• Regularly update API access tokens
• Report security issues via our support portal