Security Policy for Orbi Directory

1. Data Encryption

We use industry-standard encryption protocols to protect sensitive data during transmission. This includes the use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption, which ensures that your personal and business data, including login credentials and payment details, are securely transmitted over the internet.

2. Payment Security

For transactions related to paid listings, we use secure third-party payment processors. We do not store your payment information directly, but ensure that all transactions are processed securely by trusted payment gateways that comply with Payment Card Industry Data Security Standards (PCI DSS).

3. User Authentication

To protect your account from unauthorized access, we employ strong user authentication measures. These include:

• Password Protection: We require users to create strong passwords for their accounts. Passwords must meet certain complexity requirements to ensure they are not easily guessed.
• Two-Factor Authentication (2FA): We offer an additional layer of security by enabling two-factor authentication (2FA). When enabled, users must verify their identity through a second factor (such as a code sent to their email or phone) before accessing their accounts.

4. Access Control

We implement strict access control policies to ensure that only authorized personnel have access to sensitive data:

• Role-Based Access: Only authorized personnel with specific roles are granted access to certain types of data, based on the principle of least privilege.
• Employee Training: Our employees receive regular training on security practices and data protection to help minimize the risk of internal security breaches.

5. Monitoring and Logging

We continuously monitor our systems for unusual or suspicious activity. Logs of user access and system interactions are maintained to detect and respond to potential security threats. These logs are reviewed periodically to ensure compliance with our security standards.

6. Data Backups

We regularly back up our data to ensure that it can be recovered in case of an unexpected event, such as a system failure, data corruption, or security breach. Our backup processes are securely stored and regularly tested to ensure they function properly.

7. Security Updates and Patches

We maintain an ongoing process for applying security updates and patches to all our systems and software. This helps ensure that our platform remains protected against the latest known vulnerabilities and threats. We monitor and address security vulnerabilities as part of our regular system maintenance procedures.

8. Data Storage and Retention

We store your personal and business information in secure, encrypted databases. We retain your data only for as long as necessary to fulfill the purpose for which it was collected, such as maintaining your listing and processing payments. Once your data is no longer required, we securely delete it from our systems.

9. Third-Party Services

While we take all reasonable measures to protect your data, some services and tools that we use to operate our platform may be provided by third-party vendors. These third parties are contractually required to implement their own security measures to protect your data. However, we cannot be held responsible for the security practices of third-party services.

10. Incident Response and Reporting

In the event of a security incident, such as a data breach, we have an incident response plan in place. We will:

• Investigate the incident to assess the scope and impact.
• Notify affected users, if necessary, and provide guidance on steps they can take to protect their information.
• Work with relevant authorities to resolve the issue and prevent future occurrences.

If you suspect any security vulnerabilities or breaches, please contact us immediately at [Insert Contact Email].

11. User Responsibility

As a user, you are responsible for maintaining the confidentiality of your account credentials, including your username and password. We recommend that you:

• Use a strong and unique password for your account.
• Enable two-factor authentication (2FA) if available.
• Do not share your login details with anyone else.

If you suspect any unauthorized access to your account, please contact us immediately to take the necessary actions to secure your account.

12. Security of Children’s Data

Orbi Directory’s services are not intended for children under 18 years old. We do not knowingly collect or maintain personal information from minors. If we become aware that a child has provided us with personal data, we will take immediate steps to remove the data and terminate any associated accounts.

13. Changes to This Security Policy

We may update this Security Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any updates will be posted on this page, and the effective date will be revised accordingly. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

14. Contact Us

If you have any questions or concerns regarding this Security Policy or the security of your data, please contact us at:

Orbi Directory