At Deliverect, our mission is to be the backbone of on-demand food and help businesses to connect with their customers & help them to thrive online.
We do this by delivering only the best software to simplify the lives of our customers, and since this needs to be done in a responsible manner, we ensure user privacy and security remain at the top of our agenda. Developing and maintaining secure products and services helps us build trust and confidence across our customer base, so we place great focus on improving that security with our teams too.
1. Security at the core
We adhere to information security best practices and standards, which contemplate security measures such as:
Data encryption - both in transit and at rest;
Modern Authentication methods and Two-Factor Authentication;
High availability and disaster recovery capabilities;
Vulnerability monitoring and remediation controls;
Information Security policies and Security training available to all employees;
GDPR and privacy compliance.
For more information regarding the cybersecurity controls that we have in place, please reach out to our Security Team via email firstname.lastname@example.org.
Deliverect’s entire infrastructure is cloud-based, and it is hosted on Google Cloud Platform. It is distributed across different zones, to ensure the high availability of our systems.
Our servers and databases are continuously monitored following DevOps practices, allowing for several releases each month, with fixes and improvements to overall performance.
The security and monitoring of our application architecture, databases, and access controls are managed in-house by our Infrastructure Team, with support from our providers.
Overall, this makes our infrastructure, facilities, and systems reliable, robust and third-party tested, which gives you a highly secure system to provide a great experience to your customers.
3. Governance, Risk and Compliance (GRC)
We have a dedicated team working on GRC and Privacy initiatives, who manage Deliverect's overall governance, IT risk management, compliance and Data privacy requirements. The ultimate objective is to align IT with business objectives, whilst successfully managing risks, remaining compliant and respecting and protecting your privacy.
4. Responsible Security Disclosure
The security of our infrastructure is ensured by the timely and successful application of maintenance updates and patches, following our suppliers’ releases and recommendations. Additionally, upon discovery of potential vulnerabilities we will patch our application code to ensure our users are kept safe.
Similarly, if as a client or partner you believe to have identified a vulnerability in any of Deliverect’s products, we would appreciate you reporting it to email@example.com so that our team of experts can investigate this and find a prompt solution.
We employ preventive and detective solutions such as firewalls and IDS to prevent unauthorized access to our network and client data. However, at times these barriers can be surpassed by attackers and for this reason we have a Cybersecurity Incident Management procedure in place which helps us manage and eradicate these.
If you’re a client or partner, and you believe to have identified a cybersecurity incident - ransomware, compromised account or credentials, data theft/loss, etc. - with the potential to propagate to or impact Deliverect, please report this upon detection to firstname.lastname@example.org, by simply providing a brief description of the situation you are experiencing. Our Security Team will work with you to assess the situation, and come up with the appropriate response strategy.
Deliverect will never ask you to share your credentials, so please remember to never submit your passwords or usernames if prompted with such request and forward it to email@example.com, so that our team can investigate it.
5. Personal Information
We place great importance on users' privacy rights and prioritize the protection of your personal information. You can access our Privacy Notice to understand how Deliverect collects and manages personal information and the rights you can exercise regarding your personal information, or you can read this post where our Head of Infrastructure shares more information about GDPR. Any additional questions you may have in this regard, please contact firstname.lastname@example.org, and our team of experts will advise you on your query. Please allow a reasonable amount of time to respond to your request.
Unfortunately, the transmission of data over the internet is not always completely secure. Although we take the necessary steps to protect your personal information, we cannot always ensure that the information you decide to share with us is exempt from situations such as unauthorized access; any transmission is at your own risk. However, we will put in place the necessary security measures to prevent these situations from happening.
6. Customer Responsibilities
As a customer, there are some responsibilities with regards to maintaining and ensuring security that you must keep in mind:
Managing the Deliverect user accounts that you create and the roles that you assign to these - make sure these are fit for purpose.
Protecting your own accounts and user credentials by using a strong password policy and not sharing them with unauthorized individuals.
Compliance with the terms of your services agreement with Deliverect, including with respect to compliance with laws.
Promptly notifying Deliverect of unexpected or undesired security related incidents that could negatively affect you and Deliverect such as a user credentials compromise.