Protecting our client's sensitive information is of the upmost importance to Shouldice Wealth. Below are some of the ways we ensure your personal information is secured.
- Encryption in flight: All transmitted data is encrypted using TLS.
- Encryption at rest: All sensitive and personal data stored in our datastores is encrypted.
- Secured servers: All backend databases and web services are running in their own private network behind their own firewalls.
- In system messages: When communicating with the client via email, no links, or personal information outside of their first and last name will be used. To read or send any secure messages a user must first login to our platform.
- Timed session: User sessions are automatically logged out after a few hours.
- Monitoring: Suspicious behaviour from bots and other non-human agents is detected and reported.
- Independent Audits: From time to time, Shouldice Wealth will hire independent auditors to validate the security of our platform.
- Third-party service vetting: Any third-party service used to enhance the functionality of our platform will have their privacy and security policies vetted before moving forward. Only the minimal required amount of data will be used if such a service is required.
- Reporting: Anyone who finds a security flaw is able to send an encrypted message to email@example.com using our public GPG key (Fingerprint: F299 8C59 F5F4 7EB5 D754 944A 8705 766A B27A A604). Shouldice Wealth will prioritize reviewing and fixing any reported issues.
- Continuous Deployment: Any security fixes that involve code changes will be rolled out as soon as possible and not wait for any particular release date or milestone.
Protecting our clients' privacy is a priority for Shouldice Wealth Ltd. ('SWL'). These Privacy Principles are adhered to by SWL to ensure that the information you submit to us will be treated with the utmost confidentiality and in compliance with the Personal Information Protection and Electronic Documents Act of Canada (PIPEDA).
We are responsible for all personal information under our control and have designated a Privacy Officer who is accountable for our compliance with these following principles.
- Identifying Purposes: We will identify and document the purposes for which we collect, use or disclose personal information at or before the time the information is collected.
- Consent: The knowledge and consent of our clients' are required for the collection, use or disclosure of personal information.
- Limiting Collection: Only such information as is necessary for SWL's services will be collected from you. When personal information is needed, it will be obtained directly from you. We will also collect non-personal information through cookies and Google Analytics for authentication, security, app improvement and support.
- Limiting Use, Disclosure and Retention: Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information will be retained only as long as necessary for fulfilment of those purposes.
- Accuracy: Personal information will be as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.
- Safeguards: We will protect personal information with security safeguards appropriate to the sensitivity of your personal information. At a minimum, this will include Encryption in flight, Encryption at rest, timed sessions, independent security audits, and secured servers running behind appropriate firewalls. Please see our security section above for more details.
- Openness: SWL will make available to clients specific information concerning the policies and procedures relating to the management of your personal information.
- Individual Access: Upon your request, you will be informed of the existence, use and disclosure of your personal information and shall be given access to that information. You may verify the accuracy and completeness of the information and may request that it be amended, if appropriate.
- Handling Client Complaints and Suggestions: Any question, concern or complaint about any of these principles can be addressed to our Privacy Officer at firstname.lastname@example.org.