1. Purpose
The purpose of this Data Classification Policy is to ensure that ChattySurvey’s and ChattyHiring’s assets are protected according to their sensitivity, criticality, and value to the company. This policy aims to minimize the risk of data breaches and comply with legal, regulatory, and contractual obligations.
2. Scope
This policy applies to all employees, contractors, and third-party partners who have access to data managed by ChattyAI, irrespective of the medium on which data resides or the form it takes (digital, physical, etc.).
3. Data Classification Levels
ChattyAI data shall be classified into four categories:
- Public (Level 1): Information intended for public disclosure. Disclosure poses no risk to ChattySurvey.
- Internal (Level 2): Information that is not for public disclosure but is not sensitive. Disclosure could inconvenience ChattySurvey but is unlikely to cause significant harm.
- Confidential (Level 3): Sensitive information that could cause damage to ChattyAI, its clients, or partners if disclosed without authorization.
- Restricted (Level 4): Highly sensitive information that could cause severe damage to ChattySurvey, its clients, or partners if disclosed without authorization. This includes personally identifiable information (PII), financial data, strategic documents, passwords, keys, etc.
4. Identification and Classification
- Responsibility: Data owners are responsible for classifying data they handle at the time of creation or receipt.
- Criteria: Classification shall be based on the highest level of sensitivity contained in the data.
5. Handling Requirements
- Public (Level 1): No restrictions on access or dissemination.
- Internal (Level 2): Access restricted to ChattyAI employees. No external sharing without explicit permission.
- Confidential (Level 3): Access strictly on a need-to-know basis. Stored in secure environments; encryption is recommended during transmission.
- Restricted (Level 4): Strongest security controls. Stored in encrypted form, with access logged and monitored. Transmission must be encrypted.
6. Data Retention and Disposal