Security Policy

Art Unlock Inc. (“Art Unlock”, “we”, “us”, “our”) is committed to maintaining the confidentiality, integrity, and availability of the Platform and the personal data it processes.

This Security Policy outlines the technical and organizational measures implemented to protect Art Unlock’s systems and user information.

1. Security Framework & Compliance

Art Unlock’s security practices are designed to align with internationally recognized standards, including:

  • SOC 2 (Trust Services Criteria)
  • ISO/IEC 27001 principles
  • GDPR security requirements
  • CCPA/CPRA requirements
  • NIST Cybersecurity Framework

Although Art Unlock is not currently certified under all frameworks, its internal controls reflect their core principles.

2. Data Encryption

2.1 Encryption in Transit

All data transmitted between client devices and the Platform is protected using:

  • TLS 1.2 or higher
  • HTTPS for all public-facing endpoints

2.2 Encryption at Rest

Personal data stored by Art Unlock is encrypted using industry-standard algorithms, such as AES-256 or stronger.

Art Unlock does not store raw payment information. All financial transactions are processed by PCI-DSS–compliant third-party providers (e.g., Stripe, PayPal).

3. Access Control & Authentication

3.1 Role-Based Access Control (RBAC)

Access to internal systems is restricted based on:

  • Job role
  • Need-to-know principle
  • Minimum access privilege

3.2 Multi-Factor Authentication (MFA)

Art Unlock employees and administrators use MFA for all internal system access where technically feasible.

3.3 Employee Confidentiality

All employees with system access must sign:

  • Confidentiality agreements
  • Access control acknowledgments
  • Security and privacy training documentation

4. Infrastructure Security

4.1 Secure Hosting

Art Unlock uses secure cloud infrastructure from reputable providers with:

  • Physical security controls
  • Redundant data centers
  • Environmental protections
  • 24/7 monitoring

4.2 Firewalls & Network Protection

Protections include:

  • Firewall filtering
  • DDoS protection
  • Bot detection
  • Intrusion detection systems (IDS)

4.3 System Hardening

Servers and applications follow secure configuration guidelines, including:

  • Regular patching
  • Least-privilege configuration
  • Removing unused services
  • Restricting administrative ports

5. Application Security

5.1 Secure Development Practices

Art Unlock follows secure coding principles, including:

  • OWASP Top 10 compliance
  • Code reviews
  • Automated static and dynamic analysis tools
  • Dependency monitoring for vulnerabilities

5.2 Vulnerability Management

  • Regular scanning of environments
  • Prompt remediation of identified risks
  • Vendor patches applied as needed

5.3 Penetration Testing

Art Unlock may conduct independent penetration tests periodically to assess system resilience.

6. Monitoring & Incident Response

6.1 Logging & Monitoring

Art Unlock monitors:

  • Access logs
  • System activity
  • Authentication attempts
  • Suspicious behavior patterns

6.2 Incident Response Plan

In the event of a security incident:

  • Art Unlock will investigate promptly
  • Mitigation steps will be taken immediately
  • Affected systems will be isolated if necessary
  • Legal obligations will be followed

6.3 Breach Notification

If personal data is compromised, Art Unlock will notify affected users and regulators (if applicable) within required timeframes, such as 72 hours under GDPR.

7. Data Retention & Disposal

7.1 Retention

Data is retained only as long as necessary for:

  • Providing services
  • Fulfilling legal obligations
  • Security, audit, or compliance requirements

7.2 Secure Disposal

Upon deletion requests or account closure:

  • Data is permanently removed within 30 business days
  • Backups and logs may be preserved only where required
  • Secure erasure methods are used

8. User Responsibilities

To maintain security, Users must:

  • Use strong passwords
  • Keep login credentials confidential
  • Report suspicious activity immediately
  • Avoid uploading malicious files or code
  • Comply with all Art Unlock policies, including the Acceptable Use Policy (AUP)

Art Unlock is not responsible for loss caused by compromised user accounts due to weak passwords or user negligence.

9. Third-Party Service Providers

Art Unlock uses trusted service providers (“Sub-Processors”) that meet high security standards. These providers are required to:

  • Sign data protection agreements
  • Implement robust security measures
  • Process data only under Art Unlock’s instructions

Examples include:

  • Hosting providers
  • Payment gateways
  • Analytics systems
  • Email delivery services

Art Unlock conducts periodic reviews of third-party security compliance.

10. Business Continuity & Disaster Recovery

Art Unlock maintains measures to ensure service continuity, including:

  • Data redundancy
  • Regular encrypted backups
  • Disaster recovery planning
  • Failover capabilities

These measures help protect availability in case of outages or emergencies.

11. Policy Updates

Art Unlock may update this Security Policy periodically to reflect:

  • Evolving threats
  • New technologies
  • Regulatory changes
  • Platform updates

The latest version will always be available on the Platform.

Art Unlock Inc.
New York, United States of America