Security Policy

Last Updated: October 30, 2024

1. Introduction

This Security Policy describes the security measures and practices implemented by Operately doo (“Company,” “we,” “us,” or “our”) to protect our cloud-based business management software and related services (the “Service”) and your data. This Security Policy is incorporated into and subject to our Terms of Service.

2. Infrastructure Security

2.1 Hosting

Our Service is hosted on secure cloud infrastructure with:

  • Industry-standard physical and network security
  • Regular security updates and patches
  • Automated backup systems
  • Monitoring for suspicious activities

2.2 Data Encryption

We protect your data using:

  • HTTPS/TLS for all data in transit
  • Encryption for sensitive data at rest
  • Secure key management practices

3. Access Controls

3.1 User Access

  • Strong password requirements
  • Secure authentication via Google Sign-in
  • Session management and automatic timeouts
  • Role-based access controls

3.2 Employee Access

Our team follows strict security protocols:

  • Access granted on a need-to-know basis
  • Regular access review and revocation
  • Secure access management procedures

4. Monitoring and Incident Response

4.1 Security Monitoring

We maintain security through:

  • System monitoring and logging
  • Error tracking and analysis via Sentry
  • Regular security assessments
  • Automated alerting for suspicious activities

4.2 Incident Response

In case of a security incident:

  • We will promptly investigate and respond
  • Affected users will be notified if required by law
  • We will take appropriate measures to prevent similar incidents

5. Third-Party Services

We carefully select and monitor the security practices of our third-party service providers. For a complete list of third-party services we use, please refer to our Privacy Policy. All our service providers are required to maintain appropriate security measures and compliance with applicable security standards.

6. Security Practices

6.1 Development Practices

Our development team follows security best practices:

  • Code review requirements
  • Security testing
  • Regular dependency updates
  • Secure development guidelines

6.2 Operational Security

We maintain operational security through:

  • Regular security updates
  • System hardening
  • Access logging
  • Security training for team members

7. Reporting Security Issues

If you discover a security vulnerability, please report it to [email protected]. We will:

  • Promptly investigate all legitimate reports
  • Keep you informed of our progress
  • Not take legal action against you for good faith reports

8. Changes to This Policy

We may update this Security Policy from time to time. We will notify users of material changes by posting the updated policy on our website.