Security Policy

Our security policy was last updated on July 17, 2024.

This security policy outlines the information security framework for Hubtype and its commitment to protect the confidentiality, integrity, and availability of its information assets. The policy applies to all employees, contractors, and third-party vendors who handle or have access to Hubtype's information assets.

Hubtype's security committee is responsible for defining goals and objectives for evaluating performance in information security and compliance with current legislation on information systems. It is also responsible for continuously improving our activities, which are regulated by the management system that develops this policy. Management is responsible for providing the necessary resources and support to implement and maintain the security policy.

Information security policy framework

Hubtype has established a comprehensive information security policy framework that includes regular risk assessments, implementation of appropriate security controls, incident management, and compliance with relevant regulations and standards.

Asset management

Hubtype has a formal process for identifying, classifying, and protecting its information assets. This process includes regular review and updates to ensure the ongoing protection of critical information assets.

Human resource security

Hubtype runs security awareness and training programs for all employees and contractors to ensure that they understand their roles and responsibilities in maintaining the confidentiality, integrity, and availability of information assets.

Communications

Employees, contractors and vendors of Hubtype must follow the secure communication process to ensure that information is transmitted securely.

Access control

Hubtype has implemented access control processes following the Least Access Privilege approach to ensure that permissions are kept to a minimum and that only authorized individuals have access to its information assets. This includes user registration, authentication, and authorization processes.

Infrastructure security

All components are defined using Infrastructure as Code (IaC), and the source code must be reviewed, taking into consideration the confidentiality, integrity and availability of the data, before it is added to production. Hubtype monitors its critical components and has alarm systems to make sure an on-call person is notified if any irregularity occurs.

Application security

All source code must be reviewed, taking into consideration the confidentiality, integrity and availability of the data. It must also follow the coding standards established at Hubtype and pass all the tests. Moreover, we have static analysis and image scanning in place to detect any vulnerability.

Customer data security

Hubtype uses TLSv1.2 to secure data in transit and SHA-256 encryption for data at rest. We also provide resilience by keeping a second replica of our databases ready to be used and by running our critical components across multiple AZs. All our critical providers processing or storing PII or data considered sensitive are GDPR compliant.

Incident management

Hubtype has established an incident management process to respond to and report security incidents, including data breaches, network intrusions, and system failures.

Business continuity management

Hubtype has a business continuity plan in place to ensure the continuity of business operations in the event of a security breach or disruption.

Compliance

Hubtype is committed to complying with relevant legal and regulatory requirements, as well as industry standards and best practices, including ISO 27001.

Review and revision

Hubtype regularly reviews and revises its security policy to ensure its effectiveness and alignment with organizational needs. This review is conducted at least annually or as necessary based on changes in the information security environment.