App Security Policy

Introduction

At Scanerrific, we prioritise the security and privacy of our users' data. Our commitment to security is embedded in every aspect of our operations, from application development to data storage and handling. This Security Policy outlines our practices and measures to ensure the protection of your sensitive information.

Availability

Scanerrific is available as a Software as a Service (SaaS) model, providing seamless access to our cutting-edge application without the need for maintenance or upgrades. Our internal incident response process ensures minimal service interruptions, and we promptly notify customers in the event of any security incidents affecting their service.

Data Protection

We employ industry-standard encryption and hashing algorithms to safeguard your data. Hostinger, our hosting provider, utilises database encryption and secure hashing algorithms to protect sensitive information. Additionally, users have the option to use their own encryption keys for enhanced control over the security of their cloud data. We also implement SSL encryption to secure communication between users and our servers, ensuring the confidentiality and integrity of transmitted data.

Permission Management

Access to Scanerrific instances is governed by roles and access rights configured by designated administrators. This ensures that users have appropriate permissions based on their roles within the organisation.

Vulnerability Management

Our Security Team employs a combination of automated and manual vulnerability scanning tools to detect and remediate potential security vulnerabilities in our infrastructure and application. We conduct regular penetration tests to assess the security posture of our systems and address any identified vulnerabilities promptly.

Data Backup

Scanerrific provides automated weekly backups, with daily backups enabled for additional data protection. This ensures the availability and integrity of your data in the event of unforeseen circumstances.

Data Ownership and Control

You maintain full ownership and control of your data uploaded or created on Scanerrific. Our personnel are prohibited from accessing your data unless necessary for providing support or troubleshooting, in which case strict access controls and protocols are followed.

Cancellation of Subscription

In the event of subscription cancellation, Scanerrific ensures that your data remains accessible for retrieval for a period of 60 days after termination. After this period, your account is disabled and your data is securely deleted in accordance with our data destruction procedures.

Hosting Infrastructure

Scanerrific is hosted on Hostinger.co.uk, a trusted hosting provider renowned for its robust security measures. For more information about Hostinger's hosting infrastructure and security practices, please refer to:

https://support.hostinger.com/en/articles/1583287-what-security-measures-does-hostinger-use

Password Management

Upon initial sign-in, users are required to create a strong, unique password. To ensure the ongoing security of user accounts, we implement the following password management practices:

Password Complexity: Users are encouraged to create passwords that meet specified complexity requirements, including a combination of uppercase and lowercase letters, numbers, and special characters.

Password Expiry: As an added security measure, users are prompted to change their password immediately upon initial sign-in and periodically thereafter, in accordance with our password expiration policy.

Password Storage: Passwords are securely hashed using industry-standard hashing algorithms before they are stored. We never store passwords in plaintext or any other readable format.

Password Reset: In the event of a forgotten password or account compromise, users can securely reset their password through our account recovery process, which may include identity verification steps to prevent unauthorised access.

Multi-Factor Authentication (MFA)

In addition to strong password management practices, Scanerrific requires the use of Multi-Factor Authentication (MFA) for all user accounts. MFA adds an extra layer of security by requiring users to verify their identity using multiple authentication factors, typically something they know (password) and something they have (a mobile device or security token).

MFA Setup: Upon initial sign-in or account creation, users are prompted to set up MFA for their account by linking a mobile device or authenticator app.

Authentication Process: When logging in, users are required to provide their password as well as a second authentication factor, such as a one-time passcode generated by the authenticator app or sent via SMS.

Enhanced Security: MFA significantly reduces the risk of unauthorised access to user accounts, even in the event of a compromised password.

By implementing strong password management practices and requiring the use of Multi-Factor Authentication (MFA), Scanerrific enhances the security of user accounts and mitigates the risk of unauthorised access or data breaches. We are committed to maintaining the highest standards of security to protect our users' sensitive information.

Authorised Access and Data Security Procedure

At Scanerrific, we prioritise the security and confidentiality of our users' data. We recognise the importance of limiting access to sensitive information to authorised personnel only and have implemented strict procedures to ensure the protection of user data.

Authorised Access:

Limited Access: Access to user data is restricted to authorised Scanerrific personnel who require access for critical application operations and security checks only.

Role-Based Access Control (RBAC): We employ Role-Based Access Control mechanisms to restrict access to specific functionalities and data sets based on job responsibilities and roles within the organisation.

Data Security Procedure:

Data Handling Policy: Scanerrific has established a comprehensive Data Handling Policy that outlines the procedures and protocols governing the access, use, and handling of user data by authorised personnel.

Security Training: All personnel with access to user data undergo rigorous security training to ensure awareness of data protection policies and best practices.

Access Authorisation: Access to user data is granted on a need-to-know basis and is authorised by designated personnel or contractors responsible for overseeing data security.

Data Encryption: User data is encrypted both in transit and at rest using industry-standard encryption algorithms to prevent unauthorised access or interception.

Regular Audits: We conduct regular audits and reviews of access logs and data handling procedures to identify and address any potential security vulnerabilities or compliance issues.

Incident Response: In the event of a security incident or breach, our Incident Response Team follows established procedures to mitigate the impact and ensure timely notification to affected users.

Conclusion

At Scanerrific, we are committed to providing a secure and reliable platform for our users. Our comprehensive security measures, coupled with continuous monitoring and improvement, ensure that your data remains protected at all times. If you have any questions or concerns regarding our security practices, please don't hesitate to contact us.