SafetyFirst data security policy

1. Data security

SafetyFirst ("VeiligWerk") has put in place commercially reasonable physical, electronic, and organisational procedures to safeguard and secure the information (Data) we collect, receive and/or process through our services:

  • All connections and applications (including login pages) are TLS encrypted.
  • Account passwords are encrypted and API access tokens are hashed.
  • Data is stored on servers in ISO27001 / ISO27018 certified data centres. Physical location is in the EEA.
  • Databases are only accessible from authorised IP addresses and are encrypted using AES-256.
  • Data is separated per client with a unique ID.
  • Automated backups (full and incremental) stored encrypted in multiple EEA locations.
  • Separate development, testing, acceptance, and production environments.
  • Daily automated security scripts and monthly security analyses.
  • API and databases on fail-over clusters with health checks.
  • Infrastructure hosted in virtual private cloud.
  • Ongoing staff education on data handling; access on need-to-have basis.

2. License to data

Customers grant SafetyFirst a royalty-free, non-exclusive, irrevocable and worldwide license to access and use account data to provide services and compile insights. Customer data remains exclusively owned by customers.

3. Application of AI

AI may be used for functional service features, performance improvement with anonymised data, internal analyses, and third-party AI (with restrictions on training and data location). Prohibited uses include training generic models or sharing data with third parties. Customer data remains customer property.

4. Privacy

Users cannot use the service to collect personal data violating applicable laws. Users must ensure appropriate permissions and privacy policies when importing personal information.

5. Feedback

All feedback provided becomes SafetyFirst’s exclusive property.

6. Compliance with laws

Users must comply with international, national, and local laws, including GDPR and data protection regulations.