Skip to Content

Security Policy

Data EncryptionAuthentication and Access ControlsData MinimizationSecure Software Development PracticesProtection Against Malicious ActivitiesUser ResponsibilitiesThird-Party SecurityData Retention and DisposalIncident ResponseUpdates to Security PolicyContact Us

Effective Date: 01.03.2025

At Foo-Kaz d.o.o. ("we," "App," "our," or "us"), we are committed to ensuring the security and privacy of your personal data. This Security Policy outlines the measures we take to protect your information and describes the security practices employed to safeguard data collected through our mobile application, Foo-Kaz App ("the App"). By using the App, you agree to the security practices described in this policy.

Data Encryption

We use industry-standard encryption protocols to protect the data transmitted between your device and our servers. This includes encryption of sensitive information such as login credentials and payment details, both during transmission and storage.

  • Transmission Security: All communications between the app and our servers are encrypted using SSL/TLS protocols.
  • Data Storage Security: We store sensitive information in an encrypted format to prevent unauthorized access.

Authentication and Access Controls

We implement strong authentication measures to ensure that only authorized users can access your account or sensitive data:

  • User Authentication: We require secure login methods, including email/password combinations, multi-factor authentication (MFA), and secure OAuth login options where applicable.
  • Role-Based Access: Access to sensitive data and features is restricted based on user roles and permissions. Only authorized personnel can access certain types of data.
  • Session Management: We employ secure session management practices, including automatic session expiration after a certain period of inactivity.

Data Minimization

We follow the principle of data minimization, which means we only collect and store the minimum amount of data necessary to provide the functionality of the app. We also regularly review our data collection practices to ensure that only relevant data is collected.

Secure Software Development Practices

Our development team follows secure software development best practices to minimize vulnerabilities and ensure the security of the app:

  • Code Review and Testing: Our code is regularly reviewed and tested for security vulnerabilities.
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and fix potential security weaknesses in the app.
  • Patch Management: We promptly apply security patches to the app and underlying systems to mitigate risks from known vulnerabilities.

Protection Against Malicious Activities

We take measures to detect and prevent malicious activities, including:

  • Malware Protection: Our app undergoes regular scans for malware and other harmful code to ensure that it remains free from security threats.
  • Intrusion Detection: We utilize intrusion detection systems (IDS) to monitor for unauthorized access or suspicious activities on our servers.
  • Data Integrity: We use data integrity checks to ensure that the information stored and transmitted by the app is accurate and has not been tampered with.

User Responsibilities

While we implement various security measures, users also have responsibilities to ensure their accounts and data are secure:

  • Password Management: Users should choose strong, unique passwords and avoid sharing them with others. We recommend enabling multi-factor authentication (MFA) where available.
  • Device Security: Users should ensure their devices are protected with security features, such as device passwords, biometrics (e.g., fingerprint or face recognition), and up-to-date antivirus software.
  • Reporting Suspicious Activity: If users suspect any unauthorized access or security incidents, they should promptly report them to us through the contact details provided in this policy.

Third-Party Security

We take precautions to ensure that any third-party services or vendors we work with follow strong security practices:

  • Third-Party Providers: Any third-party services we use to support the app (e.g., cloud hosting, payment processors) are selected based on their adherence to strong security standards. We require our partners to meet strict security requirements and conduct regular security audits.
  • External API Security: If the app integrates with external APIs, we ensure that secure communication (e.g., using HTTPS) and proper authentication mechanisms are in place.

Data Retention and Disposal

We retain user data only for as long as necessary to fulfill the purposes for which it was collected. When data is no longer required, we ensure that it is securely deleted or anonymized.

  • Data Retention: We regularly review data retention policies and delete data that is no longer required.
  • Data Disposal: When disposing of physical or digital media that contains sensitive data, we employ secure methods to ensure that the data cannot be recovered or accessed.

Incident Response

We maintain an incident response plan to address security breaches, should they occur. This includes:

  • Breach Detection: We monitor for unusual activity or potential security incidents.
  • Notification of Breach: In the event of a data breach, we will notify affected users as required by applicable laws and regulations, including informing them of the nature of the breach, the data affected, and any remedial steps they should take.
  • Mitigation: We will take immediate action to mitigate the impact of the breach and prevent future incidents.

Updates to Security Policy

We may update this Security Policy from time to time to reflect changes in security practices or legal requirements. The "Effective Date" at the top of this policy will be updated accordingly.

Contact Us

If you have any questions or concerns about this Security Policy or our security practices, please contact us.