At Simple Software Solutions, we design with security and privacy in mind. This page explains our approach to data collection, storage, access, encryption, retention, backups, incident response, and the responsibilities we share with clients.
1) What We Collect
- Contact data submitted via forms (name, email, company, message).
- Service data required to deliver a project (e.g., environment URLs, integration endpoints, sample datasets).
- Technical metadata such as IP addresses and user agent strings, used for basic diagnostics and abuse prevention.
2) Storage & Access Controls
- Least privilege: access is granted only to personnel who need it to perform work.
- MFA & password policies: admin and production systems require multi-factor authentication and strong passwords.
- Segregation: client environments and credentials are kept separate and labeled.
- Secrets management: API keys and passwords are stored in secure vaults or encrypted configuration.
3) Encryption
- In transit: HTTPS/TLS for websites, APIs, admin consoles, and CI/CD endpoints.
- At rest: platform-level encryption (e.g., encrypted volumes/databases) for production data where applicable.
4) Backups & Continuity
- Automated backups for managed databases and critical state, with defined retention windows.
- Periodic restore tests as part of delivery checklists for managed environments.
5) Data Retention & Deletion
- Project artifacts: retained for the duration of the engagement and as contractually required.
- Contact inquiries: retained for customer support and business records, then periodically reviewed for deletion.
- Deletion requests: honored upon verified request unless legal obligations require retention.
6) Incident Response
- Detection & triage: we investigate alerts and error reports promptly.
- Containment & remediation: we revoke credentials, rotate keys, patch systems, and validate fixes.
- Notification: we notify affected clients without undue delay and provide relevant technical details.
7) Subprocessors & Third Parties
We may use reputable providers for hosting, email, logging, and analytics. Each provider is vetted for security posture and contractual commitments. A list of core subprocessors is available on request and may vary by project.
8) Compliance & Client Responsibilities
Shared responsibility: Security is collaborative. We implement strong defaults, but clients are responsible for account-level settings (e.g., user provisioning, role assignments), approving third-party connections, and adhering to their own legal/regulatory obligations.
9) Your Rights & Contact
You can request access, correction, or deletion of your personal data by emailing admin@simpleswsolutions.com. For security questions or disclosures, use the same address with the subject “Security”.