Security Policy

Updated May 28, 2024

  1. Introduction

    Welcome to piggy+, a zero-based family budgeting application provided by Conrad Research LLC ("Conrad Research"). We take the security of your personal and financial information seriously and have implemented appropriate technical and organizational measures to protect your information from unauthorized access, use, or disclosure. This security policy (the "Policy") explains our practices for ensuring the security of your information.

  2. Cloud Platform Security

    We understand the importance of industry-standard certifications to ensure the security of your information. We run the Application on top of cloud platforms that have achieved SOC 2 Type 2 certification, including the cloud platforms listed below. These certifications demonstrate that these platforms have undergone rigorous independent audits to ensure that they meet the highest standards for security, availability, and confidentiality.

    We run the Application on top of these cloud platforms:

    • Cloudflare (website and application hosting)
    • Stripe (payment processing, banking connections)
    • Postmark (email processing)
    • Turso (database hosting)

  3. Colocation Datacenter Security

    In addition to our robust cloud security measures, we also host part of our application, databases, and data in a colocation datacenter ("datacenter"). This arrangement involves a third-party facility where we rent space for servers and other computing hardware. Our datacenter security measures include:

    • Physical Security: The datacenter is fortified with stringent physical security measures. These include 24/7 surveillance, limited access controls, biometric security measures, and multiple identification checks for access. These measures ensure only authorized personnel have access to the server space.
    • Power Redundancy: The datacenter has power redundancy through multiple power feeds, backup generators, and robust UPS systems. This ensures the continuous operation of our servers even in the case of a power outage.
    • Fire Protection: The datacenter has advanced fire suppression systems to protect equipment and data from potential fire damage.
    • Climate Control: The datacenter maintains an optimal climate through HVAC systems to ensure the servers remain at ideal temperatures and humidity levels, thereby preventing hardware damage and prolonging equipment lifespan.
    • Server Security: Our servers at the datacenter are protected with state-of-the-art security measures, such as firewalls and Intrusion Detection Systems (IDS).
    • Network Security: All network traffic to and from our servers at the datacenter is encrypted and monitored for any anomalies or suspicious activities. We implement strong access control measures.
    • Disaster Recovery and Backups: We regularly back up data stored on our servers at the datacenter to a secure, offsite secondary datacenter location.
    • Compliance and Audits: The datacenter complies with industry standards and undergoes regular audits to validate our security measures and ensure we maintain a high level of data protection.

    By utilizing this datacenter, we leverage the robust security measures, the stability of infrastructure, and the dedicated support of a renowned datacenter provider. Whether your data is stored in the cloud or at our datacenter, we are dedicated to securing it at all times.

  4. Information Security

    We have implemented appropriate technical and organizational measures to protect your information from unauthorized access, use, or disclosure. All data transmitted to and from piggy+ is encrypted using the HTTPS protocol. We also use the latest encryption algorithms to protect data at rest. We use encryption key management to ensure that keys are stored securely and are only accessible to authorized personnel. We also require multi-factor authentication for all user accounts to prevent unauthorized access.

  5. Data Backup and Recovery

    We maintain regular backups of your information to ensure that it can be recovered in the event of a disaster or data loss. These backups are stored in a secure, secondary location and are subject to regular testing to ensure their integrity and recoverability.

  6. Incident Response

    In the unlikely event of a data breach, we have implemented incident response procedures to ensure that we can respond quickly and effectively. We will notify affected customers as soon as possible and provide them with information about the nature of the breach, the data that was affected, and the steps that we have taken to mitigate the incident.

  7. Regular Audits and Reviews

    We regularly review and audit our security measures and compliance with industry standards to ensure that we maintain the highest level of security.

  8. Contact Information

    If you have any questions about this Policy or our practices, you can get in touch with us at https://piggy.plus/contact-us.