Version 1.0 — January 7, 2024

At Thinksy, we prioritize the security of our systems and the protection of our customers' data. Our security measures are designed to provide robust protection while maintaining the efficiency and usability of our services.

1. Access Control

  • We maintain strict access control to our codebase and critical systems. Currently, only our Chief Technology Officer (CTO) has direct access.

  • Access is secured through Multi-Factor Authentication (MFA) and IP address restrictions to ensure that only authorized personnel can access sensitive information.

2. Data Encryption

  • All customer data is encrypted at rest within PlanetScale, our database platform, providing a high level of data security and integrity.

3. Incident Response

  • In the event of unusual activity, our CTO is immediately alerted. While we do not have a formal incident response plan currently, we are committed to taking swift action to investigate and address any security concerns.

4. Physical and Cloud Security

  • As a cloud-based operation, we leverage the inherent security benefits of our cloud service providers. We do not maintain physical data centers, thus focusing our security efforts on digital threats.

5. Data Backup and Recovery

  • Our database platform, PlanetScale, ensures that data is regularly backed up. This allows us to retrieve data in case of loss or corruption, ensuring business continuity and data integrity.

6. Third-Party Vendor Security

  • We utilize reputable third-party services such as AWS Lambda and June for analytics. These services are chosen for their compliance with industry security standards, adding an additional layer of security to our operations.

7. Compliance and Standards

  • Our infrastructure is built on services like AWS Lambda and PlanetScale, which are compliant with relevant security standards. We continually assess our alignment with industry best practices to ensure we maintain a high standard of security.

8. Future Security Measures

  • As Thinksy grows, we plan to implement regular security audits, employee training programs, and formalize our incident response plans. Our commitment to security is ongoing, and we aim to continuously improve our security posture.