Information Security Policy
1. Introduction
At SkuHunt, we are committed to protecting the confidentiality, integrity, and availability of our data, particularly the sensitive information related to TikTok Shop orders, including sales, SKUs, and associated fees. This policy outlines the security measures we implement to safeguard our data and systems.
2. Scope
This policy applies to all employees, contractors, and systems involved in handling, storing, or processing TikTok Shop data within SkuHunt. It covers all aspects of data protection, including user access control, data encryption, and security monitoring.
3. User Access Controls
Authentication: We use Firebase and Clerk to enforce secure user authentication. Multi-Factor Authentication (MFA) is required for all access to critical systems.
Principle of Least Privilege: Access to data is restricted based on the principle of least privilege, ensuring that users only have access to the data and systems necessary for their role.
Role-Based Access Control (RBAC): We implement role-based access controls via Clerk, defining user permissions based on their roles (e.g., admin, analyst).
4. Data Protection
Data Encryption:
In Transit: All data transmitted between clients and servers is encrypted using HTTPS.
At Rest: Sensitive data stored in Neon databases is encrypted at rest by default.
Data Access Logging: Access to sensitive data is logged, monitored, and reviewed regularly to detect any unauthorized access.
5. System Security
Endpoint Protection: All company devices are protected with up-to-date antivirus software and operating system security patches.
Network Security: We implement network-level protections using Vercel's secure hosting infrastructure, including firewalls and DDoS protection measures.
Code Security: We use GitHub for version control, employing automated security checks like Dependabot to identify and resolve vulnerabilities in dependencies.
6. Security Monitoring and Incident Response
Monitoring: We continuously monitor our systems for potential security threats using integrated monitoring solutions within Firebase, Neon, and Vercel.
Incident Response Plan: In the event of a security incident, we have a defined process for identifying, responding to, and mitigating the impact of the incident. The primary contact for incident response is sagar@skuhunt.com.
7. Data Retention and Disposal
Data Retention: Data related to TikTok Shop orders is retained only as long as necessary to provide our services. We periodically review and delete data that is no longer needed.
Data Disposal: At the end of a contractual relationship, we securely delete all customer data in our possession, following best practices for data destruction.
8. Policy Review
This policy is reviewed annually or when significant changes to our infrastructure or services occur to ensure continued compliance with industry best practices.
9. Contact Information
For any inquiries regarding this policy, please contact our security team at sagar@skuhunt.com.
Last updated: 2024-03-20