Security Policy

Last updated on: Sep 22, 2018

End-to-end encryption

All communication between you, your services and SocialCaptain, including your data, traverses the Internet as encrypted HTTPS traffic using TLS v1.2. Data is also encrypted in transit between SocialCaptain and our Content Delivery Networks (CDNs). This end-to-end encryption during communication ensures information cannot be read or manipulated by unauthorized third parties.

ISO 27001 compliant data centers

The data centers used for storing your content and allowing it to be delivered to your users are certified for compliance with the ISO 27001 standard. This standard details requirements for an information security management system (ISMS) within an organization, in this case AWS, to ensure that it systematically evaluates risks, threats and vulnerabilities to its information security, and that it has controls and a management process to constantly manage risk and meet security needs. To ensure neutrality, certification is carried out by independent third-party auditors.

Annual penetration tests

Our infrastructure, web applications, and APIs are penetration tested annually by external independent parties. Any vulnerabilities found are fixed according to the specifications in our internal SLA.

Company’s Intellectual Property

The platform is the property of SocialCaptain, and contains information and data which is protected by copyright, trademark, trade secret, and other such intellectual property laws. User agrees to abide by all copyright notices and trademark restrictions.

Access to data

Access to your data is extremely restricted. We have hand-picked and trained support staff and engineers on support who, after receiving your explicit permission, are able to help fix your problem by accessing the affected data that you authorize. These actions are recorded, audited and monitored.

Secure headers

To protect our users from attacks, we leverage browser protections such as HTTP Strict Transport Security. To prevent your account from being compromised by brute-force attacks against our web application and APIs, we implement rate limits and captchas. SocialCaptain uses a secure channel with Transport Layer Security (TLS) 1.2 encryption, the standard for secure Internet connections, for all traffic between desktop clients, mobile devices and our servers, as well as for all content delivered to end users. The Content Delivery API is also available on a non-secure channel for applications that cannot make use of encryption. SocialCaptain encourages its customers to use TLS and up-to-date cryptographic technologies at all times. SocialCaptain's staff undergoes regular privacy training and is bound by European data privacy laws.

Bug reporting

We encourage responsible reporting of security vulnerabilities and software bugs. If you find a vulnerability, please report it to support@socialcaptain.com and refrain from publicly announcing it before we have been in touch with you to work on a fix. Please note that we discourage attempts to gain illegitimate access to another user's account or data, attempts to compromise the reliability and/or integrity of our services, and the use of automated tools to find vulnerabilities.

Information Sharing and Onward Transfer

Subscriptions automatically renew each month, and you agree that SocialCaptain may process the payment method provided on the agreed renewal date. You may elect to cancel your Subscription at any time. If you cancel your Subscription within 24 hours of your initial upgrade, you will receive a refund of up to one month of your Paid Subscription fee. Any subsequent cancellations are not subject to refund.

Service

We will not sell, rent, or trade your Personal Information (whether you are a current or former Client) to any nonaffiliated third parties except as required by law, such as when we reasonably believe it is necessary or appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, front running or scalping, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use. There are certain circumstances in which we may share your Personal Information with nonaffiliated third parties without further disclosure to you. For example, from time to time we hire third parties to perform certain business and technology-related functions (e.g., mailing information, database maintenance and payment processing). When we hire a third party to perform a function of this kind, we endeavor to provide them with only the minimum information they need to perform their specific function and to require these third parties to safeguard your information.

Waiver

The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any right hereunder.

Entire Agreement

This Agreement constitutes the entire agreement between the parties and supersedes all prior or contemporaneous written or oral agreements between them or any of their affiliates, with respect to the subject matter contained herein. This Agreement may not be modified or altered except by written instrument executed by a corporate officer of SocialCaptain.