At PodcastAI, we recognize that safeguarding both company and client information is a shared responsibility amongst all our employees and contractors. Our smaller size is an advantage, enabling us to quickly communicate, implement, and train on new information, policy modifications, emerging external threats, and new tools.
Physical Security Standards
Our servers are hosted on Digital Ocean, ensuring robust physical data security and rigorous environmental controls. Any environment where data might be transmitted or stored is thoroughly assessed and tested to guarantee it meets our security standards.
Data Encryption
We employ secure encryption for all sensitive or confidential information (including PHI and PCI data) that is stored or transmitted over electronic communication networks. This protects against unauthorized access by rendering the data unusable, unreadable, and indecipherable to any unauthorized individual.
Data Privacy
We only collect and process information as provided to us by our customers, who are the owners of their data. Our privacy policy, available on our main website, details our information management practices, the types of information we collect, and how we use this information.
Data Security
We deploy hardened systems, secured environments, and role-based access control to protect customer data from unauthorized access. All access to our systems is closely controlled, with the utilization of two-factor authentication and industry-leading encryption algorithms.
Application Security
Our application servers are protected behind industry-standard firewalls with restricted ports. Passwords are encrypted during transmission and stored in a hashed format. We prioritize maintaining our internal network with vulnerability and patch management, and we scan our code for vulnerabilities before each production release.
Incident Response, Disaster Recovery & Business Continuity
We have clearly defined incident response and disaster recovery policies and perform daily backups. In the event of any unauthorized access detected through our monitoring tools, PodcastAI staff will:
Activate the Incident Response Plan and assemble response team members
Immediately reset all relevant passwords and revoke relevant keys, if applicable to the situation
Notify PodcastAI's Engineering, Product, and Customer Success teams
Notify affected customers (if impacted) about the intrusion and if/how their data was compromised, providing timely updates on progress
Conduct an assessment to identify the source of the breach and attain necessary third-party assistance with forensics if required
Define system or process improvement tasks to avoid future incidents
Communicate to affected customers (if impacted) about the improvement plan and update them as improvements are deployed
We also maintain a business continuity plan that is tested and revised as necessary and at least annually.
Security, Privacy & Compliance
We offer ongoing training for our employees on all information security policies and practices and enforce disciplinary measures for violations of our policies and procedures. Our team adheres to a process for onboarding and offboarding, providing only least-privilege access when appropriate for job function - a practice known as role-based access control.
We maintain HIPAA compliance and are PCI compliant; we fulfill these requirements throughout the year through a series of checks, obligations, and independent audits for verification.
Contact
If you have questions or comments regarding PodcastAI's Information Security initiative, please contact us using the messenger app.