# Data Security - Executive Summary

## Executive Summary

(Updated: 07/08/2023)

Our company is legally obligated to safeguard the privacy and security of the personal data that we process on behalf of our users. We have implemented a comprehensive data security program that complies with the applicable data protection laws and regulations.

**Data Security Legal Requirements and Obligations**

Our data security legal requirements and obligations are to:

* Ensure the confidentiality, integrity, and availability of our users' personal data.
* Comply with the data protection laws and regulations of the jurisdictions in which we operate, such as the GDPR.
* Demonstrate accountability and transparency regarding our data security practices.

**Data Security Program**

Our data security program consists of the following measures and procedures:

* Physical security: Our data processing infrastructure is hosted on AWS, and we rely on the physical security controls of AWS data centres to prevent unauthorised access to, damage to, or theft of data processing equipment and facilities. These controls include access control systems, surveillance cameras, and alarm systems. (See: [https://aws.amazon.com/compliance/data-center/controls/](https://aws.amazon.com/compliance/data-center/controls/))
* Logical security: We use logical security measures to prevent unauthorised access to, interference with, or disclosure of our users' personal data. These measures include firewalls, intrusion detection systems, and data encryption.
* Data access controls: We have implemented access controls that limit access to our users' personal data to authorised personnel only, based on the principles of least privilege and need-to-know.
* Data encryption: We encrypt all personal data at rest and in transit using strong encryption algorithms and appropriately managed keys.
* Data backup and recovery: We maintain a data backup and recovery plan to ensure the resilience and continuity of our data processing activities in the event of a data breach or other disaster.
* Incident response: We have a defined incident response plan to identify, contain, analyse, remediate, and report on security incidents.

**Certifications, Standards, and Best Practices**

Our company is in the process of obtaining ISO/IEC 27001 certification, the international standard for information security management systems. We also adhere to the following standards, regulations, and best practices:

* Guidance published by the National Institute of Standards and Technology (NIST)
* The Payment Card Industry Data Security Standard (PCI DSS), published by the PCI Security Standards Council (PCI SSC)
* The General Data Protection Regulation (GDPR)

**GDPR Compliance and Data Processing**

Our company is committed to complying with the General Data Protection Regulation (GDPR), which is a regulation of the European Union (EU) that sets out the rules for the protection of personal data. We have implemented measures and procedures to ensure that our data processing activities comply with the GDPR.

**Data Processing**

We process our users' personal data in accordance with the GDPR's principles of lawfulness, fairness, and transparency. We only collect and process personal data that is necessary for the purposes for which it was collected, and we ensure that our users are informed about how their personal data is used, as described in our [Privacy Policy](https://www.askyazi.com/privacy-policy).

**Data Deletion**

We respect our users' right to request the deletion of their personal data from our servers. When a user makes such a request, we take all reasonable steps to delete their personal data from our systems, subject to any legal obligations that require us to retain certain data. We have established procedures to ensure that deletion requests are handled promptly and efficiently. Deletion requests are processed in accordance with section 14 of our [Terms of Service](https://www.askyazi.com/terms-of-service).

**Conclusion**

We are committed to fulfilling our legal obligations regarding the privacy and security of our users' personal data. We have implemented a comprehensive data security program that complies with the applicable data protection laws and regulations, and we believe that this program is robust and effective. We take our obligations under the GDPR seriously and have implemented measures to ensure that our data processing activities comply with its requirements. We are confident that we can protect our users' personal data from unauthorised access, use, disclosure, alteration, or destruction. If you have any questions or concerns about how we process your personal data, please contact us.
