Security & Compliance
At kwrds.ai ("we," "us," or "our"), we take the security of your data seriously. We are committed to protecting the information you share with us and ensuring compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Data Security
We implement industry-standard security measures to safeguard your personal data. Our security practices include, but are not limited to:
- Encryption of data at rest and in transit using strong cryptographic protocols in compliance with GDPR's requirements for data protection (Article 32).
- Regular security audits and vulnerability assessments to identify and mitigate potential risks, as recommended by GDPR and other data protection laws.
- Multi-factor authentication (MFA) for accessing sensitive data and systems, powered by Clerk, ensuring compliance with security best practices.
- Strict access control policies, ensuring that only authorized personnel can access sensitive data, in line with GDPR's principle of data minimization (Article 5).
- Continuous monitoring of our systems for any suspicious activities or potential breaches, aligning with the proactive security measures outlined by the GDPR.
2. Compliance
We adhere to relevant legal and regulatory requirements, including data protection laws such as GDPR and CCPA. Our compliance measures include:
- Maintaining up-to-date records of our data processing activities, as required by GDPR (Article 30).
- Providing transparent information about how we collect, use, and store personal data, in accordance with GDPR's transparency requirements (Articles 12-14).
- Ensuring that our service providers and partners are compliant with applicable data protection regulations, including GDPR and CCPA.
- Responding promptly to data subject requests, including requests for data access, correction, or deletion, in compliance with GDPR (Articles 15-22) and CCPA (Sections 1798.100-1798.199).
- Regular training for our employees on data protection best practices and legal obligations, ensuring ongoing compliance with GDPR and CCPA.
3. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We regularly review our data retention policies to ensure compliance with applicable regulations, including GDPR (Article 5(1)(e)).
4. Vendor Management
We carefully select and monitor our third-party vendors to ensure they adhere to our security and compliance standards. We require our vendors to:
- Implement appropriate security measures to protect the data they process on our behalf, in compliance with GDPR and other data protection laws.
- Comply with relevant data protection laws and regulations, including GDPR and CCPA.
- Promptly notify us in the event of any security incidents or breaches, as required by GDPR (Articles 33-34).
5. Continuous Improvement
We are committed to continuously improving our security practices. We stay informed about emerging threats and security trends, and we regularly update our policies and procedures to address new challenges, ensuring ongoing compliance with GDPR and CCPA.
6. Contact Us
If you have any questions or concerns about our security and compliance practices, please contact us at hello@kwrds.ai.