HUNOVA SECURITY STATEMENT
Our clients have entrusted Hunova with their data, and we make it a priority to hold ourselves to the utmost standards when handling client data and information. We vow to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner. Hunova uses best-in-class technology for Internet security that is available today. The goal of this security statement is to be transparent about our security systems and practices, to help reassure you that your data is appropriately protected.
Application and User Security
All sensitive communications with the Hunova.com Tambr platform, such as the user login page, are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Hunova issues a session cookie only to record encrypted authentication and state information for the duration of a specific session. The session cookie does not include the password of the user.
User Passwords: User application passwords have minimum complexity requirements and are encrypted before being stored in our database.
Third Party Scans: Standard penetration testing of the server and application for application-level vulnerabilities is undertaken.
Data Centers: Our information systems infrastructure (servers, networking equipment, etc.) is hosted by Microsoft Windows Azure, which operates SSAE 16/SOC 2 audited data centers. A copy of their Security, Privacy and Compliance policies can be found at https://www.microsoft.com/en-us/security
Location: All user data is stored on servers located in the United States.
Uptime: We carry out continuous uptime monitoring, and any downtime identified is escalated directly to Hunova staff.
Failover: All production backups are performed weekly. All backups that contain sensitive information are encrypted prior to any transportation. We perform an annual disaster recovery test to ensure proper application of our failover procedure.
Third Party Scans: Network port scanning, vulnerability scanning and manual penetration testing are performed, using OSSTM standards as a base minimum.
Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to testing prior to deployment to active production systems.
Patching: Latest security patches are applied to all operating system and application files to mitigate newly discovered vulnerabilities.
Logging and Auditing: Central logging systems capture and archive all server access including any failed authentication attempts.
Backup Frequency: Both the SQL database and the Windows Azure storage are themselves fully backed up according to the Windows Azure SLA. SQL server does a full backup twice a day. This data is further backed up by copying and storing offsite using Windows Azure Storage.
Backup Location: Windows Azure backups use paired locations for disaster recovery.
Organizational & Administrative Security
Employee Screening: We perform background screening on our employees whose primary role includes access to sensitive user data.
Training: We provide security and technology use training for employees.
Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality obligations if they deal with any user data.
Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.
Audit Logging: We maintain and monitor audit logs on our services and systems.
Software Development Practices
Coding Practices: Our engineers use industry-standard secure coding guidelines to ensure secure coding.
Third Party Scans: An in-depth review of the applicable source code related to the project is undertaken, looking for security vulnerabilities at both the application level and the configuration level.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Hunova learns of a material security breach, we will use reasonable efforts to notify affected users so that they can take appropriate protective steps. We will do this by providing email notices or posting a notice on our website if a material breach occurs. We will also comply with all applicable data breach notification laws.
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to protect your data.
If you have any questions about Hunova’s security practices, please email us at firstname.lastname@example.org
Last updated: January 202