MedQwik

DATA SECURITY & PRIVACY POLICY

Last updated on 6th July, 2023

This Data Security Policy outlines the measures and practices implemented by us to ensure the security and protection of data for our Software-as-a-Service (SaaS) product hosted on Amazon Web Services (AWS) servers. The policy aims to safeguard customer data, maintain confidentiality, integrity, and availability, and comply with relevant data protection regulations.

1. Data Classification

1.1 Data Classification Framework

We have implemented a data classification framework to categorize data based on its sensitivity and criticality. This classification helps in applying appropriate security controls and access restrictions.

1.2 Data Ownership

Data ownership is clearly defined, ensuring accountability and responsibility for the protection of different data types.

2. Physical Security

2.1 AWS Data Centers

Our SaaS product is hosted on AWS servers, benefiting from the physical security measures implemented by AWS, including secure data center facilities, access controls, surveillance systems, and environmental safeguards.

2.2 Data Center Access

Physical access to AWS data centers is strictly controlled and limited to authorized personnel only.

3. System and Network Security

3.1 Secure Infrastructure

Our SaaS product is deployed on a secure infrastructure following AWS best practices, including secure configuration management, firewalls, and intrusion detection/prevention systems.

3.2 Encryption

Data transmitted between the user’s browser and our SaaS product is encrypted using industry-standard protocols (e.g., HTTPS). Additionally, sensitive data at rest is encrypted using encryption mechanisms provided by AWS.

3.3 Vulnerability Management

We conduct regular vulnerability assessments and penetration tests to identify and remediate any security vulnerabilities in our systems and applications.

3.4 Patch Management

We have established processes to promptly apply security patches and updates to our systems, including the underlying AWS infrastructure, to mitigate potential vulnerabilities.

3.5 Network Segmentation

Our network is segmented to isolate and protect different components and layers of the SaaS product, reducing the impact of potential security incidents.

4. Access Control

4.1 User Authentication

We enforce strong user authentication mechanisms, including the use of complex passwords, multi-factor authentication (MFA), and secure password storage practices.

4.2 Role-Based Access Control

Access to data and system resources is granted based on the principle of least privilege, ensuring that users have the necessary access rights for their specific roles and responsibilities.

4.3 Access Monitoring and Logging

We maintain logs of user activities and monitor access to detect and respond to any unauthorized access attempts or suspicious activities.

5. Data Privacy

5.1 Data Privacy Compliance

We adhere to applicable data protection laws and regulations based on the geographic location of our customers.

5.2 Data Minimization

We collect and retain only the minimum necessary data required to provide our services. Data is stored and processed in accordance with the consent provided by the data subject or as permitted by applicable laws.

6. Incident Response and Business Continuity

6.1 Incident Response Plan

We have an incident response plan in place to promptly detect, respond to, and mitigate any security incidents or data breaches. The plan includes procedures for communication, containment, investigation, and notification.

6.2 Data Backup and Recovery

Regular data backups are performed to ensure the availability and integrity of customer data. Backup data is stored securely and tested for restoration periodically.

7. Employee Awareness and Training

7.1 Security Awareness

We conduct regular security awareness and training programs to educate our employees about their responsibilities, security best practices, and the importance of data protection.

7.2 Confidentiality Agreements

Employees are required to sign confidentiality agreements, reinforcing their commitment to maintaining the confidentiality and security of customer data.

7.3 Access Controls

Employees are granted access to customer data and system resources based on their job requirements, and access privileges are regularly reviewed and revoked as needed.

8. Third-Party Security

8.1 Vendor Management

We carefully evaluate and select third-party vendors and service providers based on their security practices and their ability to meet our data protection requirements. We ensure that appropriate data protection agreements are in place with these vendors.

8.2 Compliance Validation

We regularly assess the compliance and security practices of our third-party vendors to ensure they meet the necessary security standards.

9. Compliance Monitoring and Review

9.1 Compliance Audits

We conduct regular internal audits and assessments to verify compliance with this Data Security Policy, applicable data protection regulations, and industry best practices.

9.2 Policy Review

This Data Security Policy is reviewed periodically to ensure its relevance and effectiveness in addressing emerging security risks and changes in the regulatory landscape.

10. Contact Information

If you have any questions or concerns regarding the security of our SaaS product hosted on AWS servers, or if you suspect a security incident, please contact us by email at care (at) medqwik.com.

We take data security seriously and are committed to addressing any concerns promptly and effectively.

This Data Security Policy is subject to change as needed to adapt to evolving security practices, technology advancements, and regulatory requirements. Updated versions of the policy will be made available to all relevant stakeholders.