Updated September 2025
Kudobuzz Security Policy
At Kudobuzz, safeguarding the data of our merchants and their customers is a top priority. This policy outlines our approach to data security, including the technical, organizational, and procedural measures we implement to protect data.
While Kudobuzz takes extensive steps to secure its platform, merchants also share responsibility for ensuring their own systems and practices align with security best practices.
Security Principles
Kudobuzz’s security framework is built around the following core principles:
- Confidentiality – Data is accessible only to authorized parties.
- Integrity – Data is protected from unauthorized alteration or destruction.
- Availability – Services and data remain accessible with minimal downtime.
Data Encryption
- In Transit: All data transmitted between Kudobuzz and users is encrypted using TLS/SSL protocols.
- At Rest: Sensitive data is encrypted at rest using industry-standard algorithms where applicable.
Access Control
- Strict role-based access control (RBAC) ensures that only authorized personnel can access sensitive data.
- Multi-factor authentication (MFA) is enforced for internal administrative access.
- Regular audits of access logs are conducted to detect unusual activity.
Application Security
- Code is reviewed and tested for vulnerabilities before deployment.
- Regular penetration tests and vulnerability scans are performed.
- Security patches and updates are applied promptly.
Infrastructure Security
- Kudobuzz is hosted on leading cloud providers with strong compliance standards (such as SOC 2 and ISO 27001) and GDPR readiness.
- Firewalls, intrusion detection, and monitoring tools are in place to mitigate threats.
- Backup and disaster recovery plans ensure service continuity.
Data Retention & Disposal
- Data is retained only as long as necessary to deliver services or comply with legal obligations.
- When data is no longer needed, it is securely deleted in accordance with industry standards.
Sub-Processors
- Kudobuzz uses select third-party vendors for infrastructure, analytics, and communication services.
- Each sub-processor is reviewed for security compliance before engagement.
- A list of current sub-processors is available on request.
Incident Response
In case of a security incident:
- Kudobuzz will promptly investigate and contain the issue.
- Customers will be notified without undue delay if their data is affected.
- Post-incident reviews are conducted to strengthen our security posture.
Merchant Responsibilities
Merchants are responsible for:
- Maintaining secure access to their Kudobuzz accounts (e.g., strong passwords, MFA).
- Ensuring their integrations and third-party apps are secure.
- Complying with applicable data protection and security regulations.
Note: Kudobuzz is not liable for breaches or data losses caused by merchant negligence, misconfigurations, or use of insecure third-party services.
Continuous Improvement
Kudobuzz continually reviews and enhances its security practices in line with evolving threats, industry standards, and regulatory requirements.
Contact Information
For security concerns, disclosures, or questions about this policy, contact:
Security Team
Kudobuzz
[email protected]