1. Introduction
ChattyAI, recognizing the importance of data security and privacy, establishes this Security Policy and Standards Document. As a company adhering to GDPR standards and utilizing Microsoft Azure cloud services hosted in the UK, we commit to protecting our assets, data, and information from unauthorized access, disclosure, alteration, or destruction.
2. Scope
This document applies to all ChattyAI employees, contractors, and any individual with access to ChattyAI systems and data. It covers all hardware, software, and data managed by ChattyAI, including data stored or processed via Microsoft Azure cloud services.
3. Policy Objectives
- To safeguard personal and sensitive data in compliance with GDPR and other applicable laws and standards.
- To ensure that data storage, processing, and transmission are secure and resilient against unauthorized access.
- To establish a culture of security awareness among all staff and associates of ChattyAI.
4. Data Security and Privacy Standards
4.1 GDPR Compliance
- Data Protection: Personal data shall be processed lawfully, fairly, and transparently, with adequate security against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
- Data Rights: Implement processes to honour individual rights under GDPR, such as access, rectification, erasure, and data portability.
4.2 Data Storage and Processing
- Azure Cloud Services: Leverage Microsoft Azure's security capabilities for data storage and processing, ensuring that data resides on servers located in the UK for compliance and data sovereignty.
- Encryption: Data at rest and in transit must be encrypted using industry-standard encryption protocols.
- Access Controls: Implement strict access control measures to data and systems, based on the principle of least privilege.
4.3 Data Backup
- Backup Policy: Regular backups of all critical data must be performed, ensuring data recoverability in case of an incident. These backups should also be stored within Azure UK data centers.