Security Policy for Kasheto

Last Updated: 10/05/2024
Kasheto ("we," "us," or "our") is committed to maintaining the security and integrity of our platform and protecting the personal and financial information of our users. This Security Policy outlines the measures we take to safeguard data and mitigate potential risks.
  1. Data Encryption
    1. Transmission: We use industry-standard encryption protocols to secure data transmission between users' devices and our servers, protecting information from interception by unauthorized parties.
    2. Storage: All sensitive data, including user credentials and payment information, is stored in encrypted format to prevent unauthorized access in the event of a security breach.
  2. Access Control
    1. Authentication: Access to our platform and internal systems is protected by robust authentication mechanisms, such as passwords, multi-factor authentication, and biometric verification.
    2. Authorization: We implement role-based access controls to restrict access to sensitive data and functionalities only to authorized personnel with a legitimate business need.
  3. Network Security
    1. Firewalls: We deploy firewalls and intrusion detection/prevention systems to monitor and filter network traffic, preventing unauthorized access and potential threats.
    2. Regular Monitoring: Our network infrastructure is continuously monitored for suspicious activities and security incidents, allowing us to promptly respond to and mitigate potential threats.
  4. Vulnerability Management
    1. Regular Assessments: We conduct regular security assessments and vulnerability scans of our systems and applications to identify and remediate potential security weaknesses.
    2. Patch Management: Critical security patches and updates are promptly applied to our systems and software to address known vulnerabilities and minimize the risk of exploitation.
  5. Data Privacy
    1. Compliance: We adhere to applicable data protection regulations and industry best practices, including GDPR, CCPA, and PCI DSS standards, to ensure the privacy and confidentiality of user information.
    2. Data Minimization: We collect and retain only the minimum amount of data necessary to provide our services, and we implement measures to anonymize or pseudonymize data whenever possible.
  6. Incident Response
    1. Incident Reporting: Any suspected security incidents or breaches are promptly reported to our designated incident response team for investigation and remediation.
    2. Communication: In the event of a security incident that may impact users' data or services, we will communicate transparently and promptly with affected parties to provide necessary information and guidance.
  7. Employee Training and Awareness
    1. Training Programs: All employees undergo regular security awareness training to educate them about potential threats and best practices for safeguarding data.
    2. Security Policies: Employees are required to adhere to strict security policies and procedures governing the handling of sensitive information and access to our systems.
  8. Third-Party Security
    1. Vendor Assessment: We conduct due diligence assessments of third-party vendors and service providers to ensure they maintain adequate security controls and standards.
    2. Contractual Obligations: We require third-party vendors to adhere to the security and privacy requirements specified in contractual agreements and to promptly notify us of any security incidents or breaches.
  9. Compliance and Audit
    1. Internal Audits: We regularly conduct internal audits and assessments to evaluate compliance with our security policies and standards.
    2. External Audits: We engage independent third-party auditors to perform security assessments and audits of our systems and processes to validate compliance with regulatory requirements and industry standards.
  10. Continuous Improvement
    1. Feedback and Review: We regularly conduct internal audits and assessments to evaluate compliance with our security policies and standards.
    2. Adaptation: We continuously monitor the evolving threat landscape and update our security measures and policies accordingly to stay ahead of emerging risks and vulnerabilities.
  11. Contact Us
    1. If you have any questions or concerns about our Security Policy or the security practices employed by Kasheto, please contact us at info@kasheto.com.
      By using our platform and services, you agree to adhere to the security measures outlined in this policy and cooperate with us in maintaining a secure environment for all users.