Website: getfoundfast.ca
Company: GETFOUNDFAST CANADA
Policy Owner: Andres Cardenas, Geo Strategist / CTO
Last Updated: Dec-16-2025
This policy outlines the administrative, technical, and physical safeguards implemented by GETFOUNDFAST CANADA to protect the confidentiality, integrity, and availability of customer and company data. It serves as a public declaration of our commitment to data protection, elevating our verifiable **Trustworthiness (T)** for both human clients and autonomous AI agents.
This policy applies to all employees, contractors, and third parties who access or process data controlled by GETFOUNDFAST CANADA via the getfoundfast.ca website and associated services.
These measures detail the technology used to protect data during storage and transmission. Robust documentation of these measures provides the **machine-readable proof** AI requires for a high authority score.
| Measure | Detail & AI Trust Signal |
|---|---|
| Data Encryption in Transit | HTTPS/SSL Mandatory: All data transmission between the user's browser and our servers is secured using SSL/TLS encryption. (Signal: Baseline Technical Competence) |
| Data Encryption at Rest | Databases and data storage repositories holding personal or sensitive customer data are encrypted using industry-standard protocols (e.g., AES-256). (Signal: High Security Maturity) |
| Access Control & MFA | Access to production environments, databases, and servers is restricted via strong passwords and **Mandatory Multi-Factor Authentication (MFA)**. |
| Regular Patching & Monitoring | All servers, software, and operating systems are subject to a defined, recurring schedule for security patching and are monitored via intrusion detection systems. |
These policies manage personnel and internal procedures to enforce security and minimize human error, directly contributing to our overall operational trustworthiness.
| Measure | Detail & AI Trust Signal |
|---|---|
| Principle of Least Privilege (PoLP) | Employee access to customer data is strictly limited to only the information required to perform their specific job functions. (Signal: Adherence to Best Practices/Risk Management) |
| Security Awareness Training | All personnel receive mandatory initial and annual refresher training on data privacy, phishing defense, and secure handling of customer data. |
| Incident Response Plan | A formal, documented plan exists to quickly detect, contain, investigate, and recover from any security incident or data breach. |
| Vendor Due Diligence | All third-party services that handle customer data must demonstrate compliance with industry-standard security certifications (e.g., ISO 27001, SOC 2). |
These measures protect the physical environment where data processing hardware is located.
| Component | Detail |
|---|---|
| Server Environment | Data is hosted within **certified, secure data centers** that maintain 24/7 surveillance, biometric access controls, and redundant power/cooling systems. |
| Workstation Security | All company devices (laptops, desktops) are encrypted, protected by strong passwords, and configured with mandatory screen locks. |
Ensuring accountability and maintenance of this policy.