Security Policy
Last Updated: October 30, 2024
1. Introduction#
This Security Policy describes the security measures and practices implemented by Operately doo (“Company,” “we,” “us,” or “our”) to protect our cloud-based business management software and related services (the “Service”) and your data. This Security Policy is incorporated into and subject to our Terms of Service.
2. Infrastructure Security#
2.1 Hosting#
Our Service is hosted on secure cloud infrastructure with:
- Industry-standard physical and network security
- Regular security updates and patches
- Automated backup systems
- Monitoring for suspicious activities
2.2 Data Encryption#
We protect your data using:
- HTTPS/TLS for all data in transit
- Encryption for sensitive data at rest
- Secure key management practices
3. Access Controls#
3.1 User Access#
- Strong password requirements
- Secure authentication via Google Sign-in
- Session management and automatic timeouts
- Role-based access controls
3.2 Employee Access#
Our team follows strict security protocols:
- Access granted on a need-to-know basis
- Regular access review and revocation
- Secure access management procedures
4. Monitoring and Incident Response#
4.1 Security Monitoring#
We maintain security through:
- System monitoring and logging
- Error tracking and analysis via Sentry
- Regular security assessments
- Automated alerting for suspicious activities
4.2 Incident Response#
In case of a security incident:
- We will promptly investigate and respond
- Affected users will be notified if required by law
- We will take appropriate measures to prevent similar incidents
5. Third-Party Services#
We carefully select and monitor the security practices of our third-party service providers. For a complete list of third-party services we use, please refer to our Privacy Policy. All our service providers are required to maintain appropriate security measures and compliance with applicable security standards.
6. Security Practices#
6.1 Development Practices#
Our development team follows security best practices:
- Code review requirements
- Security testing
- Regular dependency updates
- Secure development guidelines
6.2 Operational Security#
We maintain operational security through:
- Regular security updates
- System hardening
- Access logging
- Security training for team members
7. Reporting Security Issues#
If you discover a security vulnerability, please report it to [email protected]. We will:
- Promptly investigate all legitimate reports
- Keep you informed of our progress
- Not take legal action against you for good faith reports
8. Changes to This Policy#
We may update this Security Policy from time to time. We will notify users of material changes by posting the updated policy on our website.