Terms of use
Privacy Policy
Hidynotes and CCPA
Hidynotes and GDPR
Data Processing Addendum
Security
Cookies
Service Level Agreement

Security

Last Updated: October 24, 2023

Your trust is our most important asset. All customer data stored by Hidy («we», «us», “Hidynotes”) is protected by rigorous infrastructure and administrative procedures. To achieve the high levels of physical and data protection that businesses require today, Hidy maintains a robust and comprehensive multi-level security environment as described herein.

Data Collection

Our company's overriding policy is to collect as little user information as possible.

Hidy processes the following personal information: * Your name; * Email address; * Trello ID; * Language preferences; * Time zone; * Trello OAuth token; * Trello board fields (ID, name); * Trello card fields (ID);

You can get more details on what we apply your personal data for in "Hidynotes and GDPR".

Physical Security

The Service is hosted on dedicated servers following best industry practices in Google Cloud data center, located in USA, Australia and Belgium. The data centers provide 24-hour physical security which includes keycard and biometric access controls as well as continuous surveillance.

Data Encryption

All data is encrypted at transit by proven transport layer security (TLS) technology from the most trusted providers to encrypt all data transmissions between your device and our servers. TLS technology is designed to protect your information by establishing trust to our servers through a trusted third party and then creating a secure channel through which your data can pass to our servers protected from law violators. We enforce TLS with minimum version 1.2.

All data is stored encrypted. Encryption keys are managed by Google Cloud. For the database, the content of the notes is encrypted and the encryption keys are secured by Google Secret Manager.

All data storages and backend apps have firewalls which provide a strong barrier for network security from the Internet.

User Authentication

We use Trello OAuth authorization protocol and do not store either user's password.

Operational Management

We use Google Cloud SQL built-in backup features to ensure that your data is backed up.

Access to all Hidy production resources and data is limited to lead developers, DevOps and security engineers.

Disclosure

Hidy maintains a policy of full event disclosure for security incidents that affect user data. In the event of any security incident affecting your data, a notification will be sent to you.

Engagement

If you find a security issue with our Service, please contact us at [email protected].

Changes

We may update this Security Statement as we add new security capabilities and make security improvements to our services. If we make any material changes, we will send you a notification prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our security practices.