At Courzy, we are committed to ensuring the security and integrity of our users' data. Our security practices are designed to protect user information from unauthorized access, use, alteration, or disclosure. This policy outlines the measures we implement to safeguard our application, infrastructure, and customer data.
Cloud Hosting: All services are hosted on secure cloud platforms with robust physical and environmental controls. We use reliable third-party infrastructure providers for hosting data and managing backups.
Data Storage: No permanent storage of sensitive user data is conducted. User activity and inputs relevant to the service are either not stored or are deleted after temporary processing. All temporarily stored data is encrypted in transit and at rest.
Disaster Recovery: Regular backups are maintained for all critical data. Backup recovery procedures are tested periodically to ensure resilience in case of data loss or corruption.
Authentication and Authorization: Strong password policies are enforced for administrative access to our systems. User accounts on Courzy require secure credentials and are protected through secure session management.
Content Controls: Courzy is an educational AI tool. While the platform does not process or store user-generated media, our system architecture includes safeguards to reject unauthorized content or abusive activity.
Regular Updates: Security patches and updates are deployed regularly using automated build processes. This ensures quick and safe rollout of new features, security fixes, and improvements.
Data Minimization: We only collect and process the minimum amount of data necessary to deliver our services. Courzy does not collect or store photos, videos, or biometric data.
Encryption: All data transmitted between users and Courzy is encrypted using SSL/TLS protocols. Any data retained temporarily is encrypted at rest.
Payments: All payment transactions are securely handled through Paddle, a PCI DSS-compliant service. We do not store any credit card details on our servers.
Access Control: Access to user data is strictly limited to authorized personnel on a need-to-know basis. Employee access is regularly audited and logged for compliance.
Incident Detection and Escalation: A formal incident response process is in place to identify, escalate, and address security events. In case of a breach, our team is mobilized to contain and resolve the issue promptly.
Customer Notification: Affected users will be notified in writing if their data is involved in a verified security breach. Post-incident reviews are conducted to prevent future occurrences.
Regulations and Standards: Courzy complies with applicable privacy and security regulations, including GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). Our practices align with industry standards.
Third-Party Services: We use trusted third-party providers to deliver specific functionalities. These providers are carefully selected and reviewed to ensure compliance with strict security standards.
Users are expected to comply with Courzy's Terms and Conditions and Privacy Policy. They are responsible for maintaining the confidentiality of their account credentials and notifying Courzy of any unauthorized access.
Courzy reserves the right to update this security policy as our services evolve. Users will be notified of any significant changes through appropriate channels. Continued use of our services constitutes acceptance of any updated terms.
If you have any questions about this policy, please contact us at: support@42dijital.com