Logo_horizontal_wht

Ontheside Security Policy

At Ontheside, Inc., protecting the security, integrity, and confidentiality of our systems and user data is core to our mission. We are committed to maintaining high standards of information security throughout our organization and across all our services.

Data Protection and Privacy Compliance

We ensure that all personal and sensitive data is encrypted both in transit and at rest using industry-standard protocols. Our practices comply with relevant data protection regulations, including the General Data Protection Regulation (GDPR) for users in the European Union, the California Consumer Privacy Act (CCPA) for users in the United States, and other applicable federal and state-level privacy laws. These policies are reviewed and updated on an ongoing basis to reflect changes in legal requirements and industry best practices.

Access Management

Access to internal systems and sensitive data is restricted based on each individual’s role, responsibilities, and level of clearance. We enforce multi-factor authentication (MFA) and regularly conduct internal access reviews to ensure that permissions remain appropriate and secure.

Secure Infrastructure and Continuity

Our infrastructure is built on trusted, industry-leading cloud platforms that offer robust protections and scalability. We maintain continuous monitoring, proactive threat detection, and automated patching to address potential vulnerabilities. To support service availability and business continuity, we conduct regular backups and implement redundancy strategies across our infrastructure.

External Assessments and Security Standards

To validate the strength and effectiveness of our security practices, we periodically engage third-party experts to perform security assessments. These include penetration tests, vulnerability evaluations, and audits aligned with frameworks such as SOC 2 and ISO/IEC 27001. These independent reviews help us stay ahead of emerging threats and identify opportunities for improvement.

Employee Training and Awareness

We believe that strong security is a company-wide responsibility. All employees and contractors participate in mandatory security and privacy training upon joining Ontheside, followed by ongoing sessions designed to promote awareness, safe data handling, and vigilance against threats such as phishing and social engineering.

Incident Response

In the event of a security incident, Ontheside maintains a formal incident response plan. This plan outlines the processes for identifying, containing, and mitigating threats. It is regularly tested and refined to ensure we can respond quickly and effectively, with the goal of minimizing risk and ensuring transparency with our users and partners.

Contact

If you have any questions about this policy or would like to report a security issue, please contact us at team@support.onthesideworld.com.

This Security Policy was last updated on May 1, 2025.