Last Modified: September 1, 2023

 

This Security Statement applies to the products, services, websites and apps offered by BeKynder, Inc. (“BeKynder," "we," or "us"). We refer to those products, services, websites and apps collectively as the “Content” in this Statement. This Security Statement also forms part of the user Terms of Service.

BeKynder values the trust that our users place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Policy also further details the ways we handle your data.

Physical Security

 

BeKynder's information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers. Physical security controls at these data centers include 24x7 monitoring, cameras, visitor logs, entry limitations, and all that you would expect at a high-security data processing facility.

Compliance

 

BeKynder has implemented governance, risk management, and compliance practices that align with the most globally recognized information security frameworks.

 

Access Control

Access to BeKynder's technology resources is only permitted through secure connectivity (e.g., VPN, SSH) and requires multi-factor authentication. Our production password policy requires complexity, expiration, and lockout and disallows reuse.

 

Security Policies

BeKynder maintains its information security policies. Employees must acknowledge policies on an annual basis and undergo additional training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to BeKynder.

 

Personnel

BeKynder conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, BeKynder communicates its information security policies to all personnel and requires new employees to sign non-disclosure agreements.

 

Vulnerability Management and Penetration Tests

BeKynder maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.

 

We also conduct regular internal and external penetration tests and remediate according to severity for any results found.

 

Encryption

BeKynder encrypts all data at rest in our data centres using AES 256 based encryption. Additionally, BeKynder encrypts all data in motion using (i) RSA with 2048 bit key length based certificates generated via a public Certificate Authority, for communications with entities outside BeKynder's data centres, and (ii) RSA 256 certificates generated via Internal Certificate Authority, for all the data within the data centre.

 

Development

Our development team employs secure coding techniques and best practices. Developers are formally trained in secure web application development practices upon hire and annually.

 

Asset Management

BeKynder maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software. Only company-issued devices are permitted to access corporate and production networks.

 

Incident Management

BeKynder maintains a security incident response process that covers the initial response, investigation, customer notification (no less than as required by applicable law), public communication, and remediation.

 

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if BeKynder learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our users fully informed of any matters relevant to the security of their account and to providing users all information necessary for them to meet their own regulatory reporting obligations.

 

Business Continuity Management

Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity. BeKynder employs a backup strategy to ensure minimum downtime and data loss.

 

Your Responsibilities

Keeping your data secure also requires that you maintain the security of your account by using sufficiently complex passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.

 

Logging and Monitoring

Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized BeKynder personnel. Logs are preserved in accordance with regulatory requirements. We will provide users with reasonable assistance and access to logs in the event of a security incident impacting their account.