The following document provides an overview of Grafi’s Information Security & Privacy Policies. We advise reviewing this document in its entirety as an overview and seeking any additional details in the appropriate attached documents.
Grafiservice’s advanced platform is a multi-tenant, multi-user, on-demand service providing unbeatable quality, speed, and value to clients and freelancers alike. Grafiservices.com may be securely accessed 24x7 through any Internet-connected computer with a standard browser, an application program interface (API), or mobile applications.
Security is a critical part of our business. With our security & privacy program, we strive to achieve the following goals:
When ordering or registering on our site, you may be asked to enter your name, email address, mailing address, phone number, and credit card information to pay for the chosen service.
We ensure that customer data is encrypted and inaccessible to other customers and the Public, the customer data is accessible to only staff to the extent necessary to perform the required work. All our staff has signed confidentiality agreements.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
We collect your email address in order to:
Our security policies and procedures are reviewed on an ongoing basis by the Grafi’s auditing staff quarterly and external audits are conducted by the ISO officials to retain our ISO standards.
We prevent loss or corruption of customer data. All Grafi services are hosted by Amazon Web Services (AWS). AWS maintains strict physical access policies that utilize sophisticated physical access control mechanisms. Environmental controls such as uninterruptable power and non-destructive fire suppression are integrated elements of all data centers. Grafi uses multiple geographically distributed data centers as part of a comprehensive disaster recovery strategy, and uses the CIS Amazon Web Services Benchmarks (https://aws.amazon.com/quickstart/architecture/compliance-cis-benchmark/) as a guide for best practices. AWS provides DDOS services.
Access to production infrastructure is managed on a least privileges basis and is limited to the Grafi’s operations team. Background checks are performed and security training is provided to ensure the background and skills of the operations staff are consistent with the information security policy and work instructions. Sensitive product service data stored in service databases never leaves the production system and access is controlled according to least privilege principles. Firewalls rules are maintained so that production systems can only be accessed for maintenance from defined locations using secured access mechanisms. Systems are maintained in a hardened state with defined baselines for all host and network equipment. All changes to systems are tracked and managed according to well-established change management policies and procedures. The patch level of third-party software on systems in regularly updated to eliminate potential security holes and known vulnerabilities.
Available on request (our standard legal documents):
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety.
Email us at firstname.lastname@example.org