INFORMATION SECURITY POLICY STATEMENT
1. Access Control
- Access to customer data and production systems (e.g., Supabase, OpenAI API) is restricted to authorized personnel only (Director level).
- Multi-Factor Authentication (MFA) is enforced on all critical business accounts (Google Workspace, Wix, Stripe, Monzo).
- Strong password policies are enforced using a password manager.
2. Data Encryption
- In Transit: All data transmitted between the Client, Quick Clap Ltd, and third-party processors is encrypted using TLS/SSL (HTTPS) protocols.
- At Rest: Customer data stored in our databases (e.g., Supabase) is encrypted at rest using industry-standard AES-256 encryption.
3. Network Security
- We use secure, private connections for all administration tasks. Public Wi-Fi is strictly prohibited for accessing client data unless a VPN is used.
4. Supplier Management
- We only use compliant third-party sub-processors (e.g., OpenAI, Stripe) that adhere to GDPR standards and provide sufficient guarantees regarding data security.
5. Incident Response
- In the event of a data breach, Quick Clap Ltd commits to notifying the Data Controller (Client) without undue delay, and in any event within 24 hours of becoming aware of the breach.