Data Security

1. Our Commitment to Data Security

VALIDATA PTY LTD ("Validata", "we", "us", or "our") is committed to protecting the security of your data. This Data Security Statement outlines the measures we take to secure the information you provide to us and the data generated through your use of our AI readiness assessment tools and services (collectively, the "Services").

We leverage robust infrastructure and follow industry best practices to safeguard your information against unauthorized access, disclosure, alteration, and destruction.

2. Technical and Organizational Measures

We implement a variety of security measures, including but not limited to:

• Infrastructure Security: Our services are built on Firebase (a Google Cloud Platform product), which provides a secure and scalable infrastructure with features like data encryption at rest and in transit, automated backups, and robust physical security at data centers.
• Access Controls: We enforce strict access controls to our systems and data. Access to sensitive information is limited to authorized personnel who require it to perform their job duties. We utilize Firebase Authentication for user management, ensuring secure sign-up and sign-in processes.
• Data Encryption: Data, including survey responses and user information stored in Firestore, is encrypted at rest by default by Google Cloud. Communication between your browser and our Services is encrypted using HTTPS/TLS.
• Secure Firestore Rules: We configure Firestore security rules to ensure that users can only access and modify data they are authorized to, based on their authentication status and roles.
• Regular Monitoring and Auditing: We (and our infrastructure providers like Google) regularly monitor our systems for suspicious activity and potential vulnerabilities.
• Software Development Practices: We follow secure software development practices, including code reviews and vulnerability assessments, to minimize security risks in our applications.
• Stripe Integration Security: Payments are processed through Stripe via the Firestore-Stripe-Payments extension, which is designed to handle payment information securely and in a PCI-compliant manner. We do not store your full credit card details on our servers.
• Azure Mail Security: "Contact Us" form submissions are handled via Azure Mail, leveraging Microsoft's security infrastructure for email transmission.

3. Your Responsibilities

While we take significant steps to protect your data, you also play a role in its security:

• Protect your account credentials (username and password). Use strong, unique passwords and do not share them.
• Be cautious about the information you share, especially if using public or unsecured networks.
• Ensure your own devices and systems are protected with up-to-date security software.

4. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.

5. Third-Party Services

Our Services integrate with third-party services such as Firebase, Google Gemini, Stripe, and Azure Mail. Each of these services has its own robust security practices. We encourage you to review their respective security documentation for further details.

6. Changes to This Statement

We may update this Data Security Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post any changes on this page, and where appropriate, notify you.

7. Contact Us

If you have any questions or concerns about our data security practices, please contact us through the details provided on our Contact Us page.