HqO Security Practices
Security is an integral component of our business. HqO’s customers and users entrust us with their work-life information, and we aim to process and store that information thoughtfully and intelligently.
We see our data security as a differentiator for us in the marketplace, and we have commitments from all levels of the business to resource it appropriately.
Our security team is composed of individuals from our technology, operational, human resources, financial and accounts groups, and almost all of these individuals are also representatives of our company’s overall leadership team.
We meet weekly, and we have more than twenty ceremonies throughout the year covering a wide array of security-related activities to plan, execute, monitor and react to our data security initiatives.
Talk is cheap. Here is a list of the certifications and compliances we either have or are pursuing at the time of writing this (Oct 2019).
|SOC 2||✔||HqO is SOC-2 Type I compliant as of September 3, 2019. We will be SOC-2 Type II compliant upon the first-year anniversary and will maintain SOC-2 compliance thereafter as an annual ceremony. For a copy of our independent auditor’s report, please email us at [email protected]|
|GDPR||✔||HqO is GDPR compliant as of October 15th, 2019.|
|CCPA||✔||Although we are not subject to CCPA based on its criteria, HqO will be CCPA compliant on or about October 31, 2019, ahead of its official effective date of January 1, 2020.|
|EU-US, Swiss-US Privacy Shield||✔||HqO has been accepted to the EU-U.S. and the Swiss-U.S. Privacy Shields on November 5th, 2019.|
|Certification planned for
|HqO has a contractual obligation to be certified for ISO-27001, which includes ISO-27002, by December 31, 2019. There are no impediments to this certification, and we expect to be compliant with both standards by the start of the new year. We have selected ControlCase as our certifier.|
We believe that all of our users and customers have rights to their data, regardless of regulatory governance.
You may have the right to:
- Request access to the personal data we hold about you
- Request we correct any inaccurate personal data we hold about you
- Request we delete any personal data we hold about you (“Right to be Forgotten”). We have a process in place to ensure that HqO as well as any sub-processing entity are capable of supporting a user’s right to be forgotten.
- Restrict the processing of Personal Data we hold about you
- Object to the processing of Personal Data we hold about you
- Receive any Personal Data we hold about you in a structured and commonly used machine-readable format or have such Personal Data transmitted to another company.
To get a better sense of how our information security management system operates, here’s a list of a subset of our policies:
- Access Management
- Incident Command System
- Infrastructure Change Management
- Risk Management
- Security Incident Response Plan
- Software Development Lifecycle
- Vendor Relationship
- Vulnerability Management
If you’d like to learn more about a particular policy, please contact us at [email protected].
- A copy of our mobile app’s End User License Agreement is available to review.
- Our Terms and Conditions has many more definitions and descriptions of your rights as a user.
- You can request your data at any time by sending us an email or calling us.
- You can learn more about our processing activities here.