Security
Introduction
At SensaPay, we are committed to protecting the confidentiality, integrity, and availability of our customers' information. This Security Policy outlines the measures we take to safeguard personal and sensitive data from unauthorized access, disclosure, alteration, and destruction.
Scope
This policy applies to all employees, contractors, and third-party service providers who have access to SensaPay’s information systems and data.
Security Measures
Data Protection
Encryption: We use industry-standard encryption protocols (e.g., SSL/TLS) to protect data transmitted over public networks. Sensitive data stored on our servers is encrypted using advanced encryption standards.
Access Control: Access to sensitive data is restricted to authorized personnel only. We implement role-based access controls and regularly review access permissions.
Data Masking: Where applicable, we use data masking techniques to protect sensitive information in non-production environments.
Network Security
Firewalls: We employ firewalls to protect our network from unauthorized access and monitor network traffic for suspicious activity.
Intrusion Detection and Prevention Systems (IDPS): We use IDPS to detect and prevent potential threats to our network.
Endpoint Security
Antivirus and Anti-malware: We deploy antivirus and anti-malware software on all endpoints to detect and prevent malicious software.
Patch Management: We regularly update our systems and applications with the latest security patches to protect against vulnerabilities.
Physical Security
Access Control: Our data centers are protected by physical access controls, including security personnel, keycard access, and surveillance cameras.
Environmental Controls: Our data centers are equipped with environmental controls, such as fire suppression systems and climate control, to protect hardware from damage.
Employee Training and Awareness
Security Awareness Training: All employees undergo regular security awareness training to recognize and respond to security threats.
Acceptable Use Policy: Employees are required to adhere to our Acceptable Use Policy, which outlines acceptable behaviors and practices regarding the use of SensaPay’s information systems.
Incident Response
Incident Response Plan: We have a comprehensive incident response plan to quickly and effectively respond to security incidents. This plan includes procedures for incident detection, containment, eradication, recovery, and reporting.
Regular Drills: We conduct regular incident response drills to ensure our team is prepared to handle security incidents.
Third-Party Security
Vendor Risk Management: We assess the security practices of third-party service providers before engaging with them and require them to adhere to our security standards.
Data Sharing Agreements: We have data sharing agreements in place with third-party service providers to ensure the protection of shared data.
Compliance
Regulatory Compliance: We comply with all applicable laws and regulations related to data protection and security, including but not limited to the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
Regular Audits: We conduct regular security audits and assessments to ensure compliance with internal policies and regulatory requirements.
Reporting Security Incidents
If you suspect or become aware of a security incident involving SensaPay’s systems or data, please report it immediately to our Security Team at support@sensapay.com.
Policy Review
This Security Policy is reviewed annually and updated as necessary to reflect changes in our security practices or regulatory requirements.
Contact Information
If you have any questions or concerns about this Security Policy, please contact us at:
Email: support@sensapay.com
Postal Address: 5670 Wilshire Blvd, Suite 1230, Los Angeles, CA 90036