Data Security Policy

Effective Date: March 4, 2026

1. Commitment to Security

The Operator is committed to protecting the confidentiality, integrity, and availability of user data. We implement technical and organizational security measures designed to safeguard your information against unauthorized access, alteration, disclosure, or destruction.

2. Encryption

2.1 Data in Transit

All data transmitted between your browser and the Service is protected using TLS (Transport Layer Security) encryption. API communications between the Service and third-party platforms are conducted over encrypted channels.

2.2 Data at Rest

Sensitive data, including third-party platform credentials, is encrypted at rest using industry-standard encryption algorithms. Encryption keys are managed using secure key management practices and are stored separately from encrypted data.

3. Access Controls

• Access to production systems and user data is restricted to authorized personnel only;
• Administrative access requires multi-factor authentication;
• Access privileges follow the principle of least privilege;
• Access logs are maintained and periodically reviewed.

4. Authentication Security

• User passwords are stored in hashed form using strong, adaptive hashing algorithms;
• Session tokens are issued as HTTP-only, secure cookies to prevent client-side access;
• Sessions expire after a defined period of inactivity;
• Invalid login attempts are rate-limited to prevent brute-force attacks.

5. Infrastructure Security

• The Service is hosted on infrastructure that complies with industry-standard security certifications;
• Network traffic is filtered and monitored for anomalous activity;
• System patches and security updates are applied on a regular basis;
• Production environments are isolated from development and staging environments.

6. Application Security

• Input validation and output encoding are applied to prevent injection attacks;
• Content Security Policy (CSP) headers are implemented to mitigate cross-site scripting;
• Cross-site Request Forgery (CSRF) protections are enforced on state-changing requests;
• Security headers including X-Frame-Options, X-Content-Type-Options, and Referrer-Policy are applied.

7. Data Minimization

The Service collects and retains only the minimum data necessary to provide its functions. We do not intentionally store case details, client information, or proprietary data belonging to third-party platforms. Automation activity logs are retained for a limited period and are periodically purged.

8. Incident Response

In the event of a security breach or suspected unauthorized access to user data, the Operator will:

• Investigate the incident promptly and take steps to contain the breach;
• Notify affected users within a reasonable timeframe;
• Report the incident to relevant authorities as required by applicable law;
• Implement corrective measures to prevent recurrence.

9. Third-Party Processors

Where third-party service providers process data on our behalf (e.g., payment processors, hosting providers), we require those providers to maintain security practices consistent with industry standards and applicable regulations.

10. User Responsibilities

You are responsible for maintaining the security of your account by:

• Using a strong, unique password for your account;
• Not sharing your account credentials with others;
• Promptly notifying us if you suspect unauthorized access to your account;
• Logging out of shared or public devices;
• Keeping your contact information up to date.

11. No Absolute Guarantee

While we take reasonable measures to protect your data, no method of electronic storage or internet transmission is completely secure. We cannot guarantee the absolute security of your information and disclaim liability for breaches resulting from circumstances beyond our reasonable control.