Last Updated: March 14, 2019
Even though we do not collect any of your personal data as part of the Privacy Monitor service, we still take security very seriously. This is how we handle the data that we do receive.
- All data transmitted between users of Privacy Monitor and the Privacy Monitor servers is encrypted in transit.
- All data received and stored by Privacy Monitor is encrypted at rest.
Osano’s technical infrastructure is hosted on Amazon Web Services SOC 2 accredited data centers. Physical security controls at AWS data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements.
All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). All systems require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, expiration, lockout, and disallows reuse. Osano grants access to staff and contractors on the basis of least privilege rules, reviews permissions monthly, and revokes access immediately after employee termination.
All employees of Osano undergo national background checks, are required to sign non-disclosure agreements, and complete security training.
All systems and applications undergo security review for vulnerabilities prior to production deployment. All application dependencies are monitored for vulnerabilities using third party dependency scanning tools.
Osano maintains industry standard security incident response policies and procedures.
Changes to this Security Statement
We may update this Security Statement from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. Any changes we make to the Security Statement in the future will be posted on this page, so you should review it periodically.