Security Policy

Last modified: September 2, 2024

Overview

We take our own security seriously, and the security of our customers even more seriously. We follow the principle of least privilege, ensuring that access to customer data and user accounts is only granted when necessary for the functioning of our application. We strive to build software that prevents unauthorized access to and disclosure of customer data.

Two-Factor Authentication

We require two-factor authentication and strong passwords on all cloud services used to build HeadshotBooth.ai.

Payments

We accept payment through Lemon Squeezy, a payments platform acquired by Stripe. In compliance with PCI-DSS, Lemon Squeezy is responsible for the security of cardholder data that resides on the Lemon Squeezy Service. This includes securing cardholder data that is stored, processed, or transmitted on behalf of the Customer, to ensure the security of cardholder data and its environment.

Infrastructure

We only build on platforms that take security as seriously as we do. HeadshotBooth.ai is hosted on Vercel, a company that maintains high security standards. You can read about Vercel's security standards here: https://vercel.com/security

We use Supabase, an open source database infrastructure platform. You can read about their security standards here: https://supabase.com/security

We also build on Amazon Web Services. You can read about AWS's security model here: https://aws.amazon.com/compliance/shared-responsibility-model/

Data Security

We work hard to protect HeadshotBooth.ai and our users from unauthorized access to or unauthorized alteration, disclosure, or destruction of information we hold. In particular:

  • We encrypt our services using SSL.
  • We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We restrict access to personal information to HeadshotBooth.ai employees, contractors, and agents who need to know that information to process it for us and who are subject to strict contractual confidentiality obligations.

Incident Response

We've developed and formalized an incident response plan. We define a cyber incident as an occurrence or imminent threat of occurrence which jeopardizes the confidentiality of the information our system processes, stores, or transmits, or the threat of violation of our security policies. In the event of an incident, our team will mobilize to address the threat.

We analyze all incidents, document all evidence, and inform customers in the event that an incident affects their data.

Security Awareness Training

Employees and contractors are required to complete a yearly security awareness training.

Contact Us

If you have any questions or concerns about this Security Policy, please contact us at support@headshotbooth.ai.