Security Policy for Newton

1. Introduction

This Security Policy outlines the security measures implemented by Newton to protect the data and privacy of our clients and customers. We aim to ensure the confidentiality, integrity, and availability of all data processed by our platform and service.

2. Scope  

This policy applies to all Employees and Advertisers who access or manage data within Newton. It covers all systems, networks, and applications used to support the service.

3. Data Protection

3.1 Data Classification

Data is classified into three categories:

  • Public: Data intended for public access.
  • Internal: Data intended for internal use only for advertisers.
  • Confidential: Sensitive data requiring restricted access. We collect only names and email addresses as personal information from advertisers. Use of this data is restricted to uniquely identifying and authenticating advertisers on our platform.

3.2 Data Encryption

  • Data at Rest: 
    • Database: All sensitive data is encrypted using AES-256 encryption. Data deletion protection has been enabled.
    • File Storage: We are leveraging the Google Cloud Bucket security policy to secure our assets and files.
  • Data in Transit: All data transmitted between clients and our servers is encrypted using TLS 1.2 or higher.

3.3 Hosting

  • Newton Product Suite is built on Google Cloud Platform and relies on its compliance with leading privacy and information security standards, including recurring re-examination by independent auditors.
  • A 3-tier architecture (Web, Application, Data) has been developed with security at each tier.
  • The data captured for each advertiser is logically segregated within our infrastructure, with the necessary security controls enabled to further guard against horizontal and vertical privilege escalation.

4. Access Control

4.1 User Access Management

  • Multi-factor authentication (MFA) is enforced for all users with access to sensitive data.
  • Access is granted based on the principle of least privilege.
  • Strong, unique passwords are required for all user accounts.
  • Session Management has been enabled.

4.2 Administrative Access

  • Administrative access is limited to authorized personnel. We have RBAC (Role-Based Access Controls) enabled.
  • Access logs are maintained and reviewed regularly for suspicious activities, which include login activity, update activity, and archiving activities.

5. Network Security

5.1 Firewall and Network Segmentation

  • Firewalls are configured to protect our networks from unauthorized access.
  • Network segmentation is implemented to isolate sensitive systems and data.

5.2 Intrusion Detection and Prevention

  • Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are deployed to monitor and protect against malicious activities.

6. Vulnerability Management

6.1 Patch Management

  • Regular patching of all systems and applications is conducted to address security vulnerabilities.
  • Critical patches are applied within 24 hours of release.

6.2 Security Assessments

  • Regular security assessments, including penetration testing and vulnerability scans, are conducted to identify and remediate security weaknesses.

7. Incident Response

7.1 Incident Management

  • An incident response plan is in place to address security incidents.
  • Incidents are classified based on severity and are responded to promptly.
  • Incident reports are documented and post-incident reviews are conducted to improve future responses.

7.2 Data Breach Notification

  • In the event of a data breach, affected customers will be notified within 48 hours.
  • Relevant regulatory bodies will be informed as required by law.

8. Compliance and Training

8.1 Regulatory Compliance

  • Newton Platform complies with all relevant regulations and standards, including GDPR, CCPA, etc.
  • Regular audits are conducted to ensure ongoing compliance.

8.2 Employee Training

  • All employees receive regular security training to stay informed about the latest security threats and best practices.
  • Specialized training is provided for employees with access to sensitive data.

9. Third-Party Management

  • Third-party vendors are assessed for security risks and are required to adhere to our security policies.
  • No data is shared with third parties; data is limited to Newton’s infrastructure only.

Contact Information - For any questions or concerns regarding this Security Policy, please contact our security team at support@newtonco.ai