Security Policy

Last Updated: April 20, 2026

ShortBamboo takes data security seriously. This Security Policy explains the measures we take to protect your personal information and maintain the security of our systems.

1. Security Commitment

We are committed to protecting your personal information against unauthorized access, alteration, disclosure, or destruction. While we implement comprehensive security measures, no system is 100% secure. We continuously work to improve our security practices.

2. Data Encryption

2.1 In Transit

All data transmitted between your browser and our website is encrypted using:

• HTTPS (TLS 1.2 or higher)
• SSL/TLS certificates
• Secure socket layer encryption

This means information you submit (contact form, payment details) is encrypted and cannot be intercepted by third parties during transmission.

2.2 At Rest

Sensitive data stored on our servers is encrypted using industry-standard encryption protocols. Access to encrypted data requires authentication and authorization.

3. Access Controls

3.1 Authentication

Access to our systems requires:

• Strong authentication credentials (passwords)
• Verification of identity for sensitive operations
• Session timeout after periods of inactivity

3.2 Authorization

Our team members have:

• Role-based access control (RBAC)
• Minimum necessary access (principle of least privilege)
• Restricted access to personal information
• Regular access reviews and revocation

3.3 Password Security

If you create an account or credentials:

• Use strong password requirements (minimum 8 characters, mixed case, numbers, symbols)
• Do not share passwords with others
• Change passwords regularly
• Passwords are hashed using bcrypt or similar strong algorithms

4. Network Security

Our network infrastructure includes:

5. Data Storage and Backup

5.1 Data Centers

Our data is stored on secure servers hosted by reputable providers with:

• Physical security and access controls
• Environmental monitoring (temperature, humidity)
• Redundant systems and backups
• SOC 2 compliance and certifications

5.2 Backups

We maintain regular backups of essential data:

• Automated daily backups
• Encrypted backup storage
• Backup restoration testing
• Geographic redundancy

5.3 Data Retention

We retain your data only as long as necessary:

• Contact form data: 2 years
• Email communications: 1 year
• Backups: 90 days after deletion

You can request data deletion at any time. We will delete your data within 30 days, except where legally required to retain it.

6. Third-Party Security

We use third-party services that have their own security practices:

6.1 Service Providers

• Google Analytics: Industry-standard security practices
• Formspree: GDPR-compliant form handling with encryption
• Calendly: Secure booking platform with data protection

6.2 Our Due Diligence

We carefully evaluate third-party services for:

• Data protection compliance
• Security certifications (ISO 27001, SOC 2)
• Privacy practices and terms
• Encryption standards
• Breach notification procedures

7. Employee Security

Our team members are trained on:

• Data protection and privacy practices
• Confidentiality agreements
• Secure handling of personal information
• Phishing and social engineering awareness
• Incident reporting procedures

All team members sign confidentiality agreements and receive regular security training.

8. Vulnerability Management

We maintain security by:

• Regular security audits and penetration testing
• Keeping all software and systems updated
• Patching known vulnerabilities promptly
• Monitoring security advisories and alerts
• Having a responsible disclosure process for reported vulnerabilities

If you discover a security vulnerability, please report it to security@shortbamboo.com instead of public disclosure.

9. Incident Response

9.1 Data Breach Response

In the event of a suspected data breach, we will:

• Immediately investigate and assess the breach
• Contain the breach to prevent further unauthorized access
• Notify affected individuals without unreasonable delay (as required by law)
• Provide information about the breach and steps individuals can take
• Preserve evidence for investigation
• Report to relevant authorities if required

9.2 Notification Timeline

We will notify you of a data breach within 72 hours of discovering it, as required by applicable laws.

10. Compliance and Standards

Our security practices comply with:

• GDPR: General Data Protection Regulation (EU)
• CCPA: California Consumer Privacy Act
• India Data Protection: Information Technology Act and rules
• Industry Standards: Best practices for data security

11. User Responsibilities

You share responsibility for security:

• Keep your credentials confidential
• Do not share passwords with others
• Protect your account from unauthorized access
• Report suspicious activity immediately
• Use secure networks (avoid public WiFi for sensitive data)

12. Security Audit and Assessment

We conduct regular:

• Internal security audits
• Third-party penetration testing
• Vulnerability assessments
• Risk assessments
• Security compliance reviews

13. Updates to Security Practices

We continuously update our security practices to address:

• Emerging threats and attack methods
• New security standards and best practices
• Changes in regulations and legal requirements
• Technology advancements

14. Security Awareness

To protect your information, be aware of:

• Phishing: Don't click suspicious links in emails
• Social Engineering: Don't share sensitive info with unknown parties
• Malware: Keep your device software updated
• Password Security: Use strong, unique passwords
• Secure Networks: Avoid public WiFi for sensitive transactions

15. Contact Security Team

16. Acknowledgment

By using ShortBamboo services, you acknowledge that you have read and understood this Security Policy and trust us to protect your information according to these practices.