Security Policy
Last updated: May 1, 2023
At Shipi, we are committed to ensuring the security and privacy of our users' data. This Security Policy outlines the comprehensive measures we take to protect your information and maintain a secure platform.
1. Data Encryption
We use industry-standard encryption protocols to protect data in transit and at rest. All communication between your browser and our servers is encrypted using TLS (Transport Layer Security) 1.2 or higher. Sensitive data stored in our databases is encrypted using AES-256 encryption.
2. Access Control
We implement strict access controls to ensure that only authorized personnel can access user data. Access is granted on a need-to-know basis and is regularly audited. We use multi-factor authentication (MFA) for all administrative access and enforce strong password policies.
3. Regular Security Audits
We conduct regular security audits and penetration testing to identify and address potential vulnerabilities in our systems. These audits are performed by both internal security teams and independent third-party security firms to ensure comprehensive coverage.
4. Secure Data Centers
Our infrastructure is hosted in secure data centers that comply with industry standards such as ISO 27001 and SOC 2. These facilities feature physical security measures including 24/7 monitoring, biometric access controls, and redundant power and cooling systems.
5. Incident Response
We have a comprehensive incident response plan in place to quickly address and mitigate any potential security breaches. Our team is trained to respond to security incidents within minutes, and we maintain detailed logs and monitoring systems to detect and respond to threats in real-time.
6. Employee Training
All Shipi employees undergo regular security awareness training to ensure they understand and follow best practices for data protection. This includes training on phishing prevention, secure coding practices, and data handling procedures.
7. Third-Party Security
We carefully vet all third-party services and ensure they meet our security standards before integrating them into our platform. All third-party vendors must comply with our security requirements and undergo regular security assessments.
8. Compliance
Shipi complies with applicable data protection regulations, including GDPR and CCPA, to ensure the privacy and security of user data. We regularly review and update our security practices to maintain compliance with evolving regulations.
9. Reporting Security Concerns
If you discover a potential security vulnerability or have any security concerns, please report them immediately to support@myshipi.com. We take all security reports seriously and will investigate them promptly.
10. Updates to Security Policy
We may update this Security Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy periodically. Any material changes will be communicated to users through our website or via email.
For any questions or concerns regarding our security practices, please contact us at support@myshipi.com.