At Suprvise GbR, the security of your data is our highest priority. This Security Policy describes the technical and organizational measures we implement to ensure the confidentiality, integrity, and availability of our systems and your information.
1. Our Security Principles
- Confidentiality: We protect your data from unauthorized access at all times.
- Integrity: We safeguard data accuracy and prevent unauthorized modification or deletion.
- Availability: We ensure our services and your data are available when you need them.
- Transparency: We communicate openly about our security practices and incidents.
2. Technical and Organizational Measures
a) Data Encryption
- All data is encrypted both in transit (using TLS 1.2/1.3) and at rest.
- Sensitive information, such as passwords, is hashed and salted.
b) Access Controls
- Access to systems and data is strictly role-based and limited to authorized personnel.
- Strong authentication mechanisms are enforced (e.g., password complexity, 2FA where applicable).
c) Secure Development Practices
- Our software is developed following secure coding guidelines and regular code reviews.
- Dependencies are regularly audited for vulnerabilities.
d) Network Security
- Our infrastructure is protected by firewalls and monitored for suspicious activity.
- Regular vulnerability assessments and penetration testing are conducted.
e) Data Backup & Recovery
- Data is backed up regularly and stored securely.
- Disaster recovery plans are in place and tested periodically.
f) Incident Response
- Security incidents are tracked and managed according to an established response plan.
- Affected users are notified promptly in case of any significant incident.
3. Vendor and Third-Party Security
- We only work with trusted vendors who demonstrate adequate security controls.
- Data processing agreements are in place with all third-party service providers.
4. Employee Training & Awareness
- All employees receive regular security awareness training.
- Access rights are reviewed and updated upon changes in employment status.
5. User Responsibilities
- Users must keep login credentials confidential and report any suspicious activity.
- Users are encouraged to enable additional security features (e.g., 2FA) when available.
6. Reporting Security Issues
If you believe you have discovered a security vulnerability or incident related to Suprvise, please contact us immediately at contact@suprvise.com.
7. Policy Updates
We may update this Security Policy to reflect changes in our practices or legal requirements. The latest version will always be available on our website.
Last updated: June 27, 2025