This General Data Protection Regulation Addendum ("DPA") forms part of the Terms of Service available at www.hihello.me/legal/terms, or, if applicable, any other separate written agreement (the "Agreement"), by and between HiHello, Inc., a Delaware corporation ("HiHello") and the Customer named in the Agreement, pursuant to which Customer has purchased a subscription to access and use the Service (as defined in the Agreement). The parties intend this DPA to be an extension of the Agreement that will outline certain requirements for HiHello’s processing of certain personal data provided or made available by Customer, or collected or otherwise obtained by HiHello, in the course of providing services to Customer.
HiHello adopts an Information Security Management System (ISMS) as a framework for continuous improvement of security.
This ISMS includes (but is not limited to):
HiHello has and periodically reviews the Information Security Policies as the major guidelines for security practices. This includes Risk Management, Data Classification, Access Control, Software Development and Data Breaches.
Awareness of security and compliance is fundamental and is provided to all users. Some users may have additional specific awareness, relevant to their function.
Access is granted on a need-to-know basis and only a small number of users can access production systems where information from Customers is stored. Authentication to production systems is made with 2-factor Authentication as a standard.
Relevant audit logs are maintained, including access to sensitive information (including personal data). The logs are kept in separate infrastructure and only accessed by the Security team.
Processes are defined to handle Data Breaches. These processes include notification to relevant stakeholders, according to the type of incident and applicable legislation.
HiHello implemented several security measures to protect our infrastructure from external and internal threats. This includes encryption, firewalls, IDS and other cloud-provider-specific measures. Access to production systems is made in secure mode and encryption in transit is a default. Sensitive information is also encrypted at rest.
HiHello uses data centers managed by cloud providers and delegates all physical security to them, after due diligence.
HiHello has several technical implementations to assure business continuity of its service. Those include backups, resilient and redundant infrastructure and a Disaster Recovery Plan.
Development is made using a secure development methodology that includes peer review and secure coding and testing.
Continuous improvement and review
HiHello’s security posture is based on a continuous improvement process that includes periodic review of the effectiveness of security controls.