Security Policy
Last Updated: 1st November 2024
At Goodbye Guide, we take the security of your personal information and data seriously. This Security Policy outlines the measures we implement to protect your information and ensure the confidentiality, integrity, and availability of our services.
1. Data Encryption
We use industry-standard encryption to protect your data:
- Data in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS).
- Data at Rest: Sensitive data stored on our servers is encrypted using industry-standard encryption algorithms.
- Password Security: Your passwords are never stored in plain text. We use industry-standard hashing algorithms to securely store password information.
2. Secure Data Storage
Your data is stored securely in the European Union (EU), ensuring compliance with GDPR and UK data protection regulations:
- Geographic Location: All primary data storage is located within the EU.
- Data Centers: Our data is stored in secure, professionally managed data centers.
- Backup Systems: Encrypted backups are performed to ensure data availability and recovery.
3. Access Controls and Authentication
We implement multiple layers of access control to protect your account:
- User Authentication: Access to your account requires a valid email address and a strong password.
- Session Management: User sessions are managed securely with automatic timeout after periods of inactivity.
- Access Restrictions: Only you and your designated Goodbye Guardians can access your information.
- Account Protection: We implement measures to protect against unauthorized access attempts.
4. Network Security
We protect our infrastructure with comprehensive network security measures:
- HTTPS/SSL: All connections to our website are secured using HTTPS with valid SSL/TLS certificates.
- Firewall Protection: Our servers are protected by firewalls that monitor and control network traffic.
- Service Availability: We work with our hosting providers to maintain service availability.
- Security Updates: We maintain our systems with security updates to protect against known vulnerabilities.
5. Application Security
We follow security best practices in our application development and deployment:
- Secure Coding Practices: Our development team follows secure coding guidelines to prevent common vulnerabilities such as SQL injection, cross-site scripting (XSS), and other security risks.
- Input Validation: All user inputs are validated and sanitized.
- Security Reviews: We conduct security reviews and assessments as needed.
- Third-Party Security: We carefully vet and monitor third-party services and libraries.
6. Physical Security
While we use cloud-based infrastructure managed by professional hosting providers, we ensure that:
- Data Center Security: Our hosting providers maintain physical security measures at their data centers.
- Access Controls: Physical access to servers is restricted to authorized personnel only.
7. Monitoring and Incident Response
We actively monitor our systems for security threats and have procedures in place to respond to incidents:
- Security Monitoring: We continuously monitor our systems for suspicious activity.
- Incident Response Plan: We have established procedures for responding to security incidents.
- Breach Notification: In the event of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with GDPR and UK data protection regulations, typically within 72 hours of becoming aware of the breach.
- Logging and Auditing: We maintain comprehensive logs for security auditing and incident investigation purposes.
8. Third-Party Services and Vendors
We work with trusted third-party service providers and ensure they meet our security standards:
- Vendor Assessment: We assess the security practices of third-party vendors before engaging their services.
- Data Processing Agreements: We have appropriate agreements in place with third-party processors.
- Limited Data Sharing: We only share data with third parties when necessary for service provision.
9. User Responsibilities
While we implement comprehensive security measures, you also play an important role in protecting your account:
- Strong Passwords: Choose a strong, unique password for your Goodbye Guide account.
- Account Security: Do not share your account credentials with anyone.
- Secure Devices: Ensure the devices you use to access Goodbye Guide are secure and up to date.
- Recognize Phishing: Be cautious of emails or messages claiming to be from Goodbye Guide.
- Report Suspicious Activity: If you notice suspicious activity, contact us immediately at support@goodbyeguide.com.
10. Compliance and Certifications
We are committed to maintaining compliance with relevant security and data protection standards:
- GDPR Compliance: We comply with the GDPR and UK data protection laws.
- Data Protection Impact Assessments: We conduct assessments to identify and mitigate privacy and security risks.
- Regular Reviews: We regularly review and update our security practices.
11. Security Updates and Improvements
Security is an ongoing process, and we continuously work to improve our security measures:
- Regular Updates: We regularly update our security policies and practices based on emerging threats.
- Security Training: Our team receives ongoing training on security best practices.
- Technology Upgrades: We invest in security technologies and tools to enhance our protection capabilities.
12. Reporting Security Issues
If you discover a security vulnerability or have concerns about our security practices, we encourage you to report it:
- Email: support@goodbyeguide.com
- Subject Line: Please use "Security Concern" or "Security Vulnerability" in your subject line.
- Response Time: We will acknowledge your report within 48 hours and work to address any legitimate security concerns promptly.
Important: Please do not attempt to exploit any vulnerabilities you discover. We appreciate responsible disclosure and will work with you to address security issues appropriately.
13. Contact Us
If you have questions about our security practices or this Security Policy, please contact us:
- Email: support@goodbyeguide.com
- Mail: Goodbye Guide, Unit 146614, PO Box 7169, Poole, BH15 9EL
Note: This Security Policy should be read in conjunction with our Privacy Policy and Terms of Service. We may update this policy from time to time, and significant changes will be communicated to you via email or through our service.