Security Policy

Version 1.0
Schemon, Inc.
Last Update: June 1, 2024

Introduction

This Security Policy describes the security measures taken to protect customer data. Schemon takes the security of customers' data seriously and implements industry-standard measures to protect it. Schemon makes sure that all the data you store in Schemon remains yours and cannot be accessed by third parties that are not authorized by you.

Definitions

Schemon, Inc. is referred to in this document as “Schemon”. The words “we”, “us”, and “ours” in this document also refer to Schemon.

Schemon provides certain services over the Internet. These services, which are called "services" in this document, are:

The software that is used to access Schemon services is referred to as the “navigator”. The navigator can be desktop computer, laptop computer, tablet, or mobile based. It can also be any other type of tool that provides access to Schemon services.

The person accessing services via a navigator, you, is referred to as the “visitor”. The words “you” and “your” in this document also refer to that person. You are a visitor if your access is limited to the website and blog. If you are accessing the portal by signing in, you are using the Schemon portal and are referred to as a “user” in this document.

Security Scheme

The security scheme in Schemon is composed of three parts:

  1. Physical Security
  2. Software Security
  3. People Security

The sections below provide related information.

Physical Security

Amazon Web Services (AWS) is used as the main cloud hosting provider. We leverage AWS’ data centers, with facilities and procedures designed to ensure the physical security and integrity of all of the data you entrust us with. See https://aws.amazon.com/compliance/data-center/controls/ for more details.

Software Security

Main points of the software security practices are as follows:

  • Secure Authentication: In addition to the standard e-mail / password authentication, we provide an additional authenticator-based authentication mechanism.
  • Data at Rest Protection: We encrypt data at rest using AES-256 encryption.
  • Data in Transit Protection: We encrypt data in transit using AES-256 symmetric encryption and RSA4096 asymmetric encryption, with at least TLS 1.2.
  • Data Integrity: All data is kept on redundant cloud systems to help prevent data loss.
  • Data Backups: Data are also automatically backed up on cloud systems in different regions. Backups are encrypted.
  • Payment Safety: We use Stripe to accept and process credit card payments as well as wire transfers. We implement these payment technologies in such a way that Schemon doesn’t store or process any payment-critical information. All your payment-critical data is kept on the payment processor and we only keep track of your identifier, which does not give us access to your payment data but lets us keep track of the status of the payment.

People Security

People can make errors. Our aim at Schemon is to limit the number of errors, limit the extent of damage that can be caused by errors, and act on errors as fast as possible to protect your data. The main security practices are as follows:

  • Need to Know Based Procedures: All Schemon personnel have access to customer data on a need-to-know basis at the atomic level. They conduct their work according to their defined procedures and are internally audited regularly.
  • Access Restrictions: Full access to databases and data warehouses is not provided to operational personnel. Operational personnel work with data via clearly defined internal API endpoints. Software developers do not have direct access to production-level servers and databases, in order to prevent accidental data leaks.
  • Penetration Testing: We regularly contract third-party penetration testing services on our systems, at least once a year.
  • SOC2 Type II Compliance Target: We are working on SOC2 Type II compliance. Our aim is to certify that our security policies and controls continuously meet the highest industry standards.
  • Monitoring: We use multiple security, monitoring, and alerting tools designed to make sure our systems are running securely and safely. These alerts are monitored 24/7 by our engineering team.

Updates to This Security Policy

This Security Policy might be updated from time to time. The date at the top of this Security Policy indicates when it was last updated. Please re-visit this Security Policy regularly to stay informed about our security measures.

How to Reach Us

If you have a question about this Security Policy, or you would like to contact us about any of your rights mentioned herein, please contact us at info@schemon.com.

You may reach us by mail at Schemon, Inc., Christiana Corporate Business Center, 200 Continental Dr, Suite 401, PMB 1578, Newark, DE, 19713, USA.