Security
At Meetric, safeguarding personal data is a top priority. Our security framework is designed to ensure compliance with the General Data Protection Regulation (GDPR) while maintaining the confidentiality, integrity, and availability of personal data processed in our EU-based cloud service. We achieve this through a layered approach that integrates robust technical controls with rigorous organizational policies.
- Data Protection Officer (DPO)
Meetric has appointed a dedicated Data Protection Officer responsible for overseeing our data protection strategies, conducting regular compliance audits, and managing data subject requests. The DPO also serves as our primary liaison with regulatory authorities. For any data protection inquiries, please contact: dpo@meetric.com.
- Data Encryption
- Data in Transit: We secure all data transmitted over our networks using TLS 1.2/1.3 protocols to prevent interception and unauthorized access.
- Data at Rest: Sensitive data is encrypted using AES-256. Key management practices include the use of Hardware Security Modules (HSMs), regular key rotation, and strict access controls to ensure keys are handled securely.
- Secure Development Practices
We maintain a robust security posture from the earliest stages of development by integrating a comprehensive suite of security tools directly into our CI/CD pipelines.
Our pipelines include:
- Static Application Security Testing (SAST): Scanning our codebases to identify potential vulnerabilities early in the development process.
- Interactive Application Security Testing (IAST): Continuously monitoring running applications to detect vulnerabilities in real time.
- Software Composition Analysis (SCA): Analyzing third-party components to manage and mitigate risks associated with open-source software.
By embedding these automated security measures into our development lifecycle, we proactively address potential risks and ensure that security remains a foundational element of our software delivery process.
- Access Control
- We enforce role-based access control (RBAC) and implement multi-factor authentication (MFA) to ensure that only authorized personnel can access sensitive data.
- Access rights are assigned based on the principle of least privilege and are reviewed periodically.
- Comprehensive logging and monitoring mechanisms are in place to detect and respond to any unauthorized access attempts.
- Data Backup and Recovery
- Backups are performed daily and stored securely in geographically diverse locations to safeguard against data loss.
- Our backup strategy is underpinned by clearly defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
- We conduct periodic disaster recovery drills to ensure rapid restoration of data and continuity of service in the event of an incident.
- Network Security
- Our network infrastructure is protected by industry-leading firewalls, intrusion detection/prevention systems (IDS/IPS), and strategic network segmentation.
- We perform regular vulnerability assessments and penetration tests to proactively identify and mitigate potential security weaknesses.
- Regular Updates and Patch Management
- A robust patch management process ensures that all software and systems are kept up to date.
- Critical updates are tested and deployed promptly to address any vulnerabilities.
- An up-to-date inventory of software and systems supports comprehensive and timely patching across the infrastructure.
- Employee Training and Awareness
- All employees receive regular training on data protection, security best practices, and GDPR compliance.
- Training programs include periodic refresher courses and simulated phishing exercises to maintain a high level of security awareness.
- We assess training outcomes continuously, ensuring that our team remains informed about evolving threats and compliance requirements.
- Data Protection Impact Assessments (DPIAs)
- Prior to introducing new processing activities or making significant changes, we conduct DPIAs to identify and mitigate potential risks to personal data.
- DPIAs are thoroughly documented and reviewed periodically, ensuring that risk management remains an ongoing process.
- Incident Response and Monitoring
- Meetric maintains a comprehensive incident response plan that outlines clear procedures for detecting, containing, and mitigating security incidents.
- We employ a Security Information and Event Management (SIEM) system for centralized logging and real-time monitoring, enabling rapid identification and response to anomalies.
By integrating these measures, we demonstrate a strong commitment to data protection and regulatory compliance. Our security practices are continuously reviewed and enhanced to stay ahead of emerging threats and ensure the ongoing safety of personal data entrusted to
Last changed 2025-02-06