Security Policy

Last Updated: [Insert Date]

At On Show Services, trading as Snap it Share it, we take the security of our systems, data, and user information very seriously. This Security Policy outlines the measures we take to ensure the confidentiality, integrity, and availability of the data entrusted to us. Our commitment to security is reflected in our personnel practices, technical safeguards, and operational protocols.


1. Personnel Security

1.1 Confidentiality Agreements
All employees and contractors are required to sign confidentiality agreements before gaining access to any sensitive data or our codebase. This ensures that all personnel understand and uphold their responsibilities to maintain data security.

1.2 Hiring and Access Control
We employ a multi-step hiring process that includes interviews, portfolio reviews, and technical assessments. While we do not conduct formal background checks, access to sensitive systems is granted only to authorized personnel based on role-specific requirements.


2. Data Access and Management

2.1 Infrastructure
Our platform is hosted on Google Cloud Platform (GCP) using Firebase services for backend systems, including database management, authentication, and hosting. By leveraging GCP, we ensure compliance with high industry standards, including certifications such as ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3, and PCI DSS.

2.2 Secure Access
Access to Google Cloud and Firebase dashboards is secured through:

  • Two-Factor Authentication (2FA) for all accounts.
  • Role-based access controls to limit permissions to only what is necessary for job functions.

2.3 Data Encryption
We implement encryption protocols for data in transit and at rest:

  • Data in Transit: Protected via 256-bit Secure Socket Layer (SSL) technology.
  • Data at Rest: Encrypted using AES-256 encryption standards provided by Google Cloud.

3. Code Security Practices

3.1 Development Standards
We maintain high standards for code quality through:

  • Unit Testing and Integration Testing: Automated tests are run during continuous integration to identify and eliminate vulnerabilities early in the development process.
  • Staging Environment: All code is tested in a staging environment before deployment to production to ensure system stability and reliability.

3.2 Regular Deployments
Our team performs frequent deployments (typically weekly), ensuring timely updates and patches for security and functionality.


4. Data Privacy and Encryption

4.1 End-to-End Encryption
All data shared through our platform is encrypted during transmission using SSL/TLS protocols. This ensures that any data transmitted between users and our servers is secure from interception.

4.2 Password Security
All user passwords are hashed and stored securely using bcrypt, which is an industry-standard hashing algorithm designed to protect passwords even in the event of a breach.


5. Payments

5.1 Third-Party Processing
We use Stripe as our payment processor. Stripe is PCI DSS-compliant and adheres to the highest standards for secure payment processing.

  • No Payment Data Storage: We do not store any billing or payment information on our servers. All payment data is securely handled by Stripe.
  • For more information about Stripe’s security practices, visit: Stripe Security.

6. Data Centers and Backups

6.1 Data Hosting
Our infrastructure is hosted on Google Cloud Platform, which ensures:

  • Multiple layers of physical and virtual security.
  • Hosting in geographically distributed data centers to ensure high availability and resilience.

6.2 Certifications
Google Cloud Platform complies with multiple international certifications, including:

  • ISO 27001, ISO 27017, ISO 27018
  • SOC 1/2/3
  • PCI DSS

6.3 Backups

  • Frequency: We perform daily backups of all critical data.
  • Retention: Backups are stored for 30 days and then securely deleted.
  • Encryption: All backups are encrypted at rest and during transmission.

7. Availability and Business Continuity

7.1 High Availability
Our platform benefits from the high availability of Firebase services, which are designed to handle large-scale traffic and ensure minimal downtime. Live status updates for Firebase can be monitored here: Firebase Status.

7.2 Disaster Recovery
In the event of a system failure, we have a disaster recovery plan in place to restore services quickly. This includes:

  • Access to daily backups.
  • Redundant systems to minimize data loss and downtime.

8. Attack Prevention and Mitigation

8.1 Intrusion Detection
We use Google Cloud Platform’s intrusion detection and monitoring tools to detect and mitigate potential threats. These include:

  • Preventative measures to limit the attack surface.
  • Monitoring for unusual traffic patterns or unauthorized access attempts.

8.2 App Check and reCAPTCHA
To prevent abuse of API requests and unauthorized access:

  • We use Firebase App Check, which validates legitimate requests using reCAPTCHA v3.
  • This prevents bots and malicious actors from compromising our systems.

8.3 Cloudflare
We leverage Cloudflare to:

  • Protect against Distributed Denial-of-Service (DDoS) attacks.
  • Filter malicious traffic before it reaches our servers.
  • Optimize site performance and reliability.

9. Reporting and Incident Response

9.1 Reporting Security Incidents
If you identify a bug, vulnerability, or abuse of our services, please report it immediately to security@snapitshareit.com. We take all reports seriously and will work promptly to resolve any issues.

9.2 Incident Response
In the event of a security breach, we will:

  • Notify affected customers promptly.
  • Provide details of the incident and steps taken to resolve it.
  • Work with users to mitigate risks and ensure compliance with applicable laws, including notification requirements under the Australian Privacy Act 1988 (APPs) and GDPR.

10. Updates to This Policy

We may update this Security Policy periodically to reflect changes in our practices or regulatory requirements. Updates will be posted on our website, and your continued use of our services constitutes acceptance of the updated policy.


Contact Us

If you have any questions about this Security Policy or require further information, please contact us at:
Email: security@snapitshareit.com