Data Security Policy

Enterprise-grade security measures protecting your data with encryption, access controls, and comprehensive incident response protocols

Last Updated: August 29, 2025

1 Purpose

This policy outlines Davinci AI Solutions' commitment to protecting client data through robust security controls, including encryption, access management, and incident response protocols.

Our Security Commitment: We implement industry-leading security measures to ensure your data remains protected at all times, meeting and exceeding regulatory requirements.

2 Scope

This policy applies to all data handled by Davinci AI Solutions, covering data at rest, in transit, and stored on cloud services, as well as the accounts we manage for clients.

  • Data at rest in our storage systems
  • Data in transit across networks
  • Cloud-based storage and services
  • Client account management systems

3 Security Measures

3.1 Encryption

Data at Rest: All customer data stored within our systems is encrypted at rest with at least AES-128 encryption, ensuring strong protection of sensitive information.

3.2 Access Control

  • Password Management: Customer passwords are stored securely in industry-standard password management tools with multi-factor authentication (MFA), ensuring controlled and secure access.
  • Multi-Factor Authentication (MFA): Davinci AI Solutions is committed to using MFA on all company accounts and on all accounts within customer environments to the best of our ability, reinforcing security across access points.

3.3 Network Security

  • Firewall Protection: Firewalls are configured to monitor and control network traffic, safeguarding against unauthorized access and potential threats.
  • Virtual Private Network (VPN): Remote connections to client networks and our systems are secured with encrypted VPNs, restricting access to authorized personnel only.

4 Data Backup and Recovery

4.1 Backup Schedule

  • Frequency: All critical data is backed up daily to provide data resilience and ensure recovery options in case of data loss or system failure.
  • Storage Locations: Backups are securely stored on cloud services in Canada and the United States, with data encrypted to safeguard it against unauthorized access.

4.2 Disaster Recovery

Recovery Point Objective (RPO)

24 hours - We aim to maintain minimal data loss in case of a disaster

Recovery Time Objective (RTO)

72 hours - We prioritize swift recovery to minimize client service interruptions

5 Incident Response and Breach Notification

5.1 Detection and Response

Monitoring: We utilize real-time monitoring to detect and respond promptly to potential security incidents. Suspicious activity or unauthorized access attempts are escalated to our security team.

5.2 Client Notification

  • Breach Notification: In the event of a breach affecting client data, we will notify impacted clients within 48 business hours, providing details on the incident and recommended actions to mitigate risks.
  • Post-Incident Action: Following a breach, we conduct a thorough analysis to identify the root cause and implement additional security measures to prevent future incidents.

48-Hour Notification Guarantee

We commit to notifying affected clients within 48 business hours of discovering any data breach

6 Compliance and Auditing

6.1 Regulatory Compliance

PIPEDA Compliance: We follow the Personal Information Protection and Electronic Documents Act (PIPEDA) to ensure the secure handling of personal data for Canadian clients.

6.2 Documentation and Record-Keeping

  • Audit Logs: Detailed audit logs are maintained for critical systems, recording access and activity. These logs are retained for a minimum of one year.
  • Policy Review: Security policies are reviewed annually to ensure they remain effective and in line with regulatory requirements.

Continuous Improvement: Our security policies undergo annual reviews and updates to incorporate the latest security best practices and regulatory requirements.