Security Policy
Hatch™ is committed to protecting our customers' and children’s information collected by our solution. We have adopted robust technical, administrative, and physical procedures to help protect this information from loss, misuse, and alteration. Hatch relies upon employees and business partners to properly develop, maintain, and operate our systems, networks, and processes, which keep our sensitive information safe and properly used. This means that every person and organization handling our information has the responsibility to keep the information safe, no matter where the information is located. This includes computing systems, networks, paper copies, business processes, and verbal transmission of information.
Hatch follows and is committed to the following security guidelines:
- Ignite by Hatch™ is designed to use Secure Sockets Layer (SSL) protocol for all communications to and from Hatch. SSL is an industry-standard security protocol used for encrypting data.
- Ignite by Hatch™ uses file system-level encryption services to ensure specific data files on the device are encrypted. File system-level encryption ensure the key data is safe if the device is lost or stolen.
- Hatch Insights™ is designed to use the latest SSL protocol for allcommunications to and from the devices. SSL is an industry-standard security protocol used for encrypting data.
- Hatch Insights™ uses security-based Access Control Lists (ACLs) for all connections, queries, and other operations. In addition, key data, such as passwords, is encrypted inside the database to prevent access to sensitive data from internal users with raw data access.
- Hatch Insights™ uses account-based content delivery to ensure that an organization’s data is only viewed by authorized users.
- Hatch Insights™ is on a hosted solution that has received global security certification and compliance verification for Service Organization Control levels SOC 2 Type II.
- Hatch Insights™ does not store any personally identifiable information (PII) such as name, address, phone, gender, or ethnicity on any server/instance other than production servers/instances.
- All the personally identifiable information is stored in encrypted format.
- Access to production server/instance is given to a very small internal team and multifactor-based access control is strictly enforced.
- All the team members with access to production server/instance have gone through data privacy/security training and have signed data protection as part of their employment contracts.
- Internal and external communication processes are well defined and strictly followed by the operations teams.
- Access to production server is limited only from a few machines. These machines have industry-standard antivirus software installed on them and are protected by SOC2 Type II compliant firewalls.
- The audit trail for all the access to production servers/instances is maintained on a separate machine.
- All the production servers/instances are on a private virtual network with no external IP addresses.
- Security patches are installed on all the production servers/instances as soon as they are released by the software vendors. Hatch Insights™ uses security-based ACLs for all connections, queries, and other operations. In addition, key data, such as passwords, is encrypted inside the database to prevent access to sensitive data from internal users with raw data access.
- We use AWS Cognito service to do validation. All Hatch Insights™ and Ignite login credentials are handled by AWS Cognito.
What if I have questions about this policy?
If you have any questions or concerns regarding our privacy policies, or general questions about our products or business, please send us a detailed message to the following address or email and we will try to resolve your concerns.
Hatch Inc.
Attn: Customer Care
301 N Main Street
Suite 101
Winston-Salem, NC 27101