DATA AND INFORMATION SECURITY POLICY


Last updated January 1, 2021
Hidden Image Technology Solutions, LLC a/k/a WebDecoder® ("WebDecoder", "we", "us", or "our") is committed to protecting your Data and Information (as defined hereinafter) and keeping it secure. This Data Security Policy (the "Policy") explains details and policies regarding our Data and Information security.
When our clients and their customers visit our web domains https://dcrypto.com or https://webdecoder.com or any subdomains thereof (collectively, our "Sites") or mobile or web-based applications (our "Apps") and use our services, they trust us with their Data and Information. WebDecoder takes privacy very seriously and provides services in accordance with our privacy policy ("Privacy Policy").
This Policy applies to all Data and Information collected through our Sites, Apps and/or any related services, sales, marketing or events (we refer to them collectively in this Policy as the "Services").
1. SCOPE
This Policy refers to all Data and Information that WebDecoder collects from users, customers, vendors, or other parties that provide Data and Information to WebDecoder. WebDecoder employees, contractors, consultants, partners and any other external entity working with WebDecoder and granted access to its Data and Information also must follow this Policy.
2. DATA COLLECTION
WebDecoder collects Data and Information only for lawful purposes. This Data and Information is collected in a transparent way and only with the full cooperation and knowledge of the persons or entities from whom we gather the Data and Information. Once this Data and Information becomes available to us, the following rules apply.
3. DEFINITION OF PROTECTED DATA AND INFORMATION
The Data and Information that we collect from interactions with you or your customers depends on the context of the interactions in connection with our Sites, Apps or Services, the choices they make and the products and features they use. The Data and Information we collect (the "Data and Information") includes, without limitation, the following: (i) information disclosed to us, such as first and last name, email address, postal address, phone numbers and other contact information; (ii) information voluntarily provided to us when expressing an interest in obtaining information when participating in activities on the Services or Apps or otherwise contacting us; (iii) single sign-on information providing social media account details (see our Privacy Policy for more details); (iv) some information – such as IP address and/or browser and device characteristics – that is collected automatically through our Services or Apps, as well as other information collected automatically when you visiting, using or navigating our Services or Apps (while this information does not reveal specific identity, like name or contact information, it may include device and usage information, such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when Services or Apps are used and other technical information; and (v) information collected through cookies and similar technologies.
4. DATA CENTERS AND DATA AND INFORMATION SECURITY
The platforms and databases we use to provide Services is hosted in secure data centers hosted and maintained by Amazon Web Services ("AWS"). Various security technologies, such as firewalls, are used to restrict access to systems from external networks and between systems internally. The databases we maintain are further secured by built in network and application firewalls.
We use the advanced set of access, encryption, logging features and APIs provided by AWS to maintain full control of our content and Data and Information. We implement access control permissions for the services we develop and deploy in the AWS environment. We control the AWS Regions in which the Data and Information is stored as well as the type of storage, redundancy parameters and back-up of our content. We make use of the strong encryption for Data and Information in transit and at rest offered by AWS and manage our encryption keys.
5. APPLICATION AND NETWORK SECURITY
We engage in the following methods to ensure your Data and Information is safe: (i) encrypt Data and Information in transit with 256 bit security keys and secure HTTP access (HTTPS) using TLS/SSL; (ii) hash passwords, so that no one (not even one of our employees) can read them; (iii) restrict and monitor access to our systems and the Data and Information we collect; (iv) limit the number of employees who have access to protected Data and Information; (v) require use of multi factor authentication for employees who have access to protected Data and Information; (vi) build secure networks to protect online Data and Information from cyber attacks; (v) protect against any unauthorized or illegal access by internal or external parties; and (vi) support a disclosure process. If you identify a vulnerability in our site or services, you can report it to info@webdecoder.com.
6. DATA PROTECTION
The Data and Information will not be: (i) stored for more than the amount of time specified in our customer contracts or other binding agreements; (ii) transferred to organizations, states, or countries that do not have adequate data protection policies; (iii) referenced publicly or via systems or communication channels not controlled by WebDecoder; (iv) distributed to any parties other than the ones agreed upon by the owner of the Data and Information (exempting legitimate requests from law enforcement authorities).
7. FURTHER OBLIGATIONS
In addition to handling the Data and Information safely, WebDecoder assumes other direct obligations toward the entities to which Data and Information belongs. Specifically, in our contracting with data sources, we inform the entities about: (i) what Data and Information is collected; (ii) how we will process their Data and Information; (iii) who has access to their Data and Information; and (iv) the circumstances under which we allow entities to request that we modify, erase, reduce, or correct Data and Information contained in our databases within legal guidelines specified by our client contracts or other binding agreements, company policies or law enforcement agencies.
8. SUSPECTED SECURITY BREACHES
WebDecoder is committed to protecting its customers, employees, and partners from illegal or damaging actions taken by individuals either knowingly or unknowingly and focuses significant attention on data security and data security breaches. In cases of suspected lost, corrupted, or compromised Data and Information, WebDecoder employees who suspect that a theft, breach, or exposure of protected Data and Information has occurred provide a description of the events involved directly to WebDecoder's Manager. Any other individual who suspects that a theft, breach, or exposure of protected Data and Information has occurred may provide a description of the events involved to WebDecoder by contacting info@webdecoder.com. This e mail address is monitored by WebDecoder Operations and will be escalated to the Manager on receipt of a valid report.
WebDecoder's Manager oversees the investigation of all reported thefts, data breaches, and exposures to confirm if a theft, breach, or exposure has occurred. If a theft, breach, or exposure has occurred, WebDecoder will follow the Procedure, as well as such additional commercially reasonable procedures as may be requested by its clients or, if applicable, their customers. As soon as a theft, breach, or exposure containing WebDecoder protected Data and Information is identified, WebDecoder will begin the process of removing all access to that resource. WebDecoder will work with experts to determine: (i) the types of Data and Information involved; (ii) the internal or external individuals and organizations impacted; (iii) how the theft, breach, or exposure occurred, including analysis of the root cause; and (iv) WebDecoder will work to communicate the theft, breach, or exposure to those directly affected and internal employees.
9. OPERATIONAL SECURITY AND ENFORCEMENT
At WebDecoder, we believe security is the responsibility of everyone who works for us. We train our employees so they can identify security risks and empower them to take action to prevent bad things from happening. Any WebDecoder personnel found violating any provision of this Policy is subject to disciplinary action, up to and including termination of employment. Our employees have signed confidentiality agreements, and we have the ability to shut off access to information and oversee the return of Data and Information in case of a security breach. Further, access to our systems and Data and Information is restricted to those who need access to provide support or deliver Services. We sign restrictive agreements with all third parties that work with us and may have access to Data and Information, requiring them to understand and follow the terms of this Policy. WebDecoder may terminate the network connection of any third party partner company or subcontractor found violating any provision of this Policy.
10. UPDATES TO THIS POLICY
We may update this Policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Policy frequently to be informed of how we are protecting your information.
11. CONTACTING US ABOUT THIS POLICY
If you have questions or comments about this policy, you may email us at info@webdecoder.com or by U.S. Mail to:
Hidden Image Technology Solutions, LLC.
416 Pirkle Ferry Road
Suite K 500
Cumming, Georgia 30041
United States of America
Attn: Data and Information Security Policy