Security Policy

 

1. Overview

SSup (“we,” “our,” “the Platform”) is designed to provide a secure and governed environment for ideation, collaboration, and provenance tracking. This Security Policy outlines our general security practices and the reasonable steps we take to protect user data. As a growing startup, we continue to improve our security posture over time based on industry best practices, user needs, and available resources.

 

2. Core Security Principles

We follow the security principles typically used by modern cloud-based platforms, including:

• Encryption in transit and at rest

• Least-privilege access controls

• Separation of environments where feasible

• Continuous improvement of infrastructure and monitoring

• Secure handling of authentication and session management

These principles may evolve as the Platform expands.

 

3. Data Encryption

We use encryption technologies to protect data:

• In transit: via HTTPS/TLS

• At rest: via encryption supported by our cloud provider

We rely on secure, industry-standard cloud services (such as AWS) for storage, networking, and compute.

 

4. Access Control

We implement reasonable access restrictions to ensure that:

• Only authorized personnel have access to system components

• Access is granted based on job function

• Sensitive areas of the Platform require authentication

Access is reviewed periodically as part of routine security hygiene.

 

5. Application Security

We use secure development patterns and reasonable safeguards, including:

• Use of reputable frameworks and libraries

• Regular updates and patches

• Monitoring for common vulnerabilities

• Basic input validation and request handling

As SSup evolves, we may introduce additional application-level security measures.

 

6. Infrastructure and Monitoring

Our platform is hosted on reputable cloud providers known for their robust security programs. We rely on their built-in:

• Network protections

• Firewalling

• Logging and monitoring tools

• Identity and access management services

We monitor system activity at a practical level appropriate for an early-stage product.

 

7. User Responsibilities

Security also depends on user practices. You agree to:

• Keep your passwords confidential

• Use a strong, unique password for SSup

• Restrict access to your account

• Notify us immediately of any suspected unauthorized access

You are responsible for the security of your own devices and networks.

 

8. Third-Party Services

SSup may rely on third-party providers for hosting, authentication, analytics, or other functionality. While we select reputable vendors, we do not control their internal security practices. Each provider is responsible for its own systems.

We do not share Spark Record contents with any third-party AI vendors, advertisers, or data brokers.

 

9. Limitations

While we take reasonable measures to protect data, no system can guarantee absolute security.
We do not warrant or guarantee that:

• The Platform will be free from vulnerabilities

• Unauthorized access will never occur

• All attacks can be prevented

Users should consider the sensitivity of information they upload and take appropriate precautions.

 

10. Incident Response

If we become aware of a security incident affecting the Platform, we will take reasonable steps to:

• Investigate the issue

• Mitigate any impact

• Notify affected users as required by applicable law

Our incident processes will mature as our Platform expands.

 

11. Changes to This Security Policy

We may update this Security Policy periodically as our infrastructure and practices evolve. A notice will be posted when changes are material.

 

12. Contact

If you have questions or security-related concerns, you may contact us at:
support@ssupcreator.com