Security and vulnerabilities

Security and data integrity is our top priority. We treat vulnerabilities and breaches seriously, and will disclose known breaches to the appropriate channels, including publicly if required.

Security and data integrity

Community Analytics takes security and data integrity seriously. We have implemented a range of security measures to protect your data, including:

  • SSL encryption
  • Secure data storage at rest on databases
  • Regular security audits
  • Regular security updates
  • Regular data backups
  • Secure data transmission
  • Secure data access
  • Secure data deletion
  • Appropriate protection against XSS, SQL injection, and other similar attack methods
  • Secure development practices, including the implementation procedures which protect align with the OWASP Top 10
  • Regular staff training
  • Implementation and regular updating of our internal Risk Management Policy

Past vulnerabilities and breaches

There are currently no known data breaches. Data breaches which are appropriate to report publicly will appear here. In situations where data breaches involve specific parties, and are contained to those parties, those parties will be notified directly. Any required government bodies and police departments will also be notified where appropriate.

Data Breach Response Plan

Our data breach response plan is our framework which sets out the roles and responsibilities for managing an appropriate response to a data breach as well as describing the steps to be taken by an entity in managing a breach if one ever occurs. Our plan is constantly reviewed and updated, for the most recent copy please click here to download.

Report a security vulenrability or data breach

If you become aware of a security vulnerability or breach with our application, or any associated applications, you think we should know about please contact support@spatialmedia.io

Once reported, our policy for managing a vulnerability is:

  1. We will acknowledge receipt of the report within 1 business day
  2. We will investigate the report and provide an initial assessment within 48 hours of receipt
  3. We will provide regular updates on the status of the report
  4. We will provide a final report on the resolution of the issue
  5. We will notify the appropriate parties, including but not limited to government authorities, police, our clients, impacted individuals, and general users of the site.