Security Policy
Hatch™ is committed to protecting our customers' and children’s information collected by our solution.
We have adopted robust technical, administrative, and physical procedures to help protect this
information from loss, misuse, and alteration. Hatch relies upon employees and business partners to
properly develop, maintain, and operate our systems, networks, and processes, which keep our sensitive
information safe and properly used. This means that every person and organization handling our
information has the responsibility to keep the information safe, no matter where the information is
located. This includes computing systems, networks, paper copies, business processes, and verbal
transmission of information.
Hatch follows and is committed to the following security guidelines:
- Ignite by Hatch™ is designed to use Secure Sockets Layer (SSL) protocol for all communications to
and from Hatch. SSL is an industry-standard security protocol used for encrypting data. - Ignite by Hatch™ uses file system-level encryption services to ensure specific data files on the
device are encrypted. File system-level encryption ensure the key data is safe if the device is lost
or stolen. - Hatch Insights™ is designed to use the latest SSL protocol for all
communications to and from the devices. SSL is an industry-standard security protocol used for
encrypting data. - Hatch Insights™ uses security-based Access Control Lists (ACLs) for all connections, queries, and
other operations. In addition, key data, such as passwords, is encrypted inside the database to
prevent access to sensitive data from internal users with raw data access. - Hatch Insights™ uses account-based content delivery to ensure that an organization’s data is
only viewed by authorized users. - Hatch Insights™ is on a hosted solution that has received global security certification and
compliance verification for Service Organization Control levels SOC 2 Type II. - Hatch Insights™ does not store any personally identifiable information (PII) such as name,
address, phone, gender, or ethnicity on any server/instance other than production
servers/instances. - All the personally identifiable information is stored in encrypted format.
- Access to production server/instance is given to a very small internal team and multifactor-based access control is strictly enforced.
- All the team members with access to production server/instance have gone through data
privacy/security training and have signed data protection as part of their employment contracts. - Internal and external communication processes are well defined and strictly followed by the
operations teams. - Access to production server is limited only from a few machines. These machines have industry-standard antivirus software installed on them and are protected by SOC2 Type II compliant
firewalls. - The audit trail for all the access to production servers/instances is maintained on a separate
machine. - All the production servers/instances are on a private virtual network with no external IP
addresses. - Security patches are installed on all the production servers/instances as soon as they are
released by the software vendors. Hatch Insights™ uses security-based ACLs for all connections, queries, and other operations. In addition, key data, such as passwords, is encrypted inside the database to prevent access to sensitive data from internal users with raw data access. - We use AWS Cognito service to do validation. All Hatch Insights™ and Ignite login credentials are handled by AWS Cognito.
What if I have questions about this policy?
If you have any questions or concerns regarding our privacy policies, or general questions about our products or business, please send us a detailed message to the following address or email and we will try to resolve your concerns.
Hatch Inc.
Attn: Customer Care
301 N Main Street
Suite 101
Winston-Salem, NC 27101
CustomerCare@HatchEarlyLearning.com