Security Commitments to Our Customers
Last updated September 5, 2023
Thank you for choosing Surfboard Technology Limited (“Surfboard”, “we”, “us”, “our”) as your trusted partner. We recognize the importance of safeguarding your data and are deeply committed to ensuring the highest standards of security for your information. If you have any questions or concerns about our security practices or the commitments we make to you, please reach out to us at contact@teamsurfboard.com.
When you visit our website https://teamsurfboard.com/ (the “Website”), or use any of our services (collectively referred to as the “Services”), you entrust us with your valuable data.
We take this responsibility with utmost seriousness. In these security commitments, we aim to transparently outline the measures we’ve put in place to protect your data, how we maintain the integrity of that data, and the steps we take to ensure its confidentiality.
It’s essential for you to be fully informed about our security practices. If there are any aspects of our security commitments that you’re uncomfortable with, we urge you to reach out to us or reconsider the use of our Services.
These security commitments apply whenever you interact with any facet of our Services, be it through our Website, related services, sales, marketing initiatives, or events.
Please review these commitments diligently. They are designed to give you a comprehensive understanding of our dedication to ensuring the security of the information you entrust to us.
Table of contents
- DATA PROTECTION
- INFRASTRUCTURE SECURITY
- ACCESS CONTROLS
- SECURITY MONITORING AND INCIDENT RESPONSE
- EMPLOYEE TRAINING AND AWARENESS
- VENDOR AND THIRD-PARTY MANAGEMENT
- REGULAR SECURITY ASSESSMENTS
- DATA PRIVACY
- DISASTER RECOVERY AND BUSINESS CONTINUITY
- CONTINUOUS IMPROVEMENT
1. Data Protection
- We use advanced encryption technologies to ensure that your data, both at rest and in transit, remains confidential and protected from unauthorised access. This includes data collected during your interactions with our website, as well as any data collected through third-party tools like Hotjar.
- Regular data backups are performed to prevent data loss. Backups are stored in secure, geographically separate locations from our primary data centre.
2. Infrastructure Security
- Our infrastructure providers are vetted thoroughly and are required to maintain industry-recognized certifications.
- We ensure that our servers are regularly updated and patched against known vulnerabilities.
3. Access Controls
- We enforce strict role-based access controls, ensuring that only authorised personnel can access customer data.
- Two-factor authentication (2FA) is mandatory for all personnel with access to customer data.
4. Security Monitoring and Incident Response
- We continuously monitor our systems for suspicious activity, including the tracking of user behaviour through tools like Hotjar, to ensure a secure user experience.
- In the unlikely event of a security incident, we commit to notifying affected customers in a timely manner, according to legal and contractual requirements.
5. Employee Training and Awareness
- All our employees undergo security awareness training annually. This training emphasises the importance of customer data protection and our security best practices.
- Our technical team receives additional, specific training about the security aspects of their roles.
6. Vendor and Third-Party Management
- All third-party vendors, including those that provide tools for data analytics and user experience tracking, are assessed for their security practices.
- We establish data protection agreements with vendors to ensure they adhere to the same strict standards we impose on ourselves. This includes any potential business partners in scenarios like mergers or acquisitions.
7. Regular Security Assessments
- We undergo annual security assessments and penetration tests conducted by independent third-party auditors to identify and rectify potential vulnerabilities.
8. Data Privacy
- We are committed to upholding data privacy laws and regulations relevant to our customers. Our privacy policy, which serves as our primary guide, outlines how we handle and protect customer data.
9. Disaster Recovery and Business Continuity
- We have a documented disaster recovery plan that ensures service continuity in the face of adverse events.
- Regularly scheduled drills are performed to ensure our readiness in case of unforeseen interruptions.
10. Continuous Improvement
- Our security posture is not static. We consistently review and enhance our security policies, procedures, and practices to address new threats and challenges, always aligning with the standards set in our Privacy Policy.