Policies & Procedures

Disciplinary Process

We have a disciplinary process for non-compliance with information security policy, and employees are informed of the consequences.

Employee Termination

An employee termination process is in place to ensure secure handling of company data and systems upon employee departure.

Security Baselines

Documented information security baselines are established for infrastructure components, ensuring compliance with security standards.

Data Retention and Disposal

We have a comprehensive Data Retention and Disposal Policy that complies with legal, statutory, and regulatory requirements, including GDPR. This policy ensures secure data purging and destruction when data is no longer required.

Policy Reviews

Privacy and security policies are reviewed annually and approved by management, ensuring alignment with the latest regulations, including GDPR.

Encryption Policies

We have implemented a Data Encryption Policy to safeguard sensitive information, including AES 256-bit encryption for data at rest and in transit.

SLAs with Providers

Policies and procedures maintain accurate and relevant SLAs between providers and customers. Filtroo collaborates with service providers such as:

  • Payment Gateway Providers
  • Debit Card Connection Providers
  • Gift Card Providers in the Marketplace
  • Public APIs of Social Media Platforms

Each provider is independently responsible for its own data management practices. Filtroo does not assume liability for how these providers handle user data. Users are encouraged to review each provider's privacy policy for more information.

Media Handling

Media handling procedures, including secure storage, labeling, and destruction, are in place to ensure data protection throughout its lifecycle.

Information Security Policies

Written information security policies are reviewed annually and approved by senior management, ensuring a robust security framework.

Password Management

A documented Password Management Policy ensures secure password creation, storage, and usage across systems.

Access Control

Access to sensitive data systems is restricted based on need and approval, governed by a documented Access Control Policy.

Software Development Lifecycle (SDLC)

Our SDLC integrates security measures, including secure coding principles and regular code reviews.

Third-Party Risk Management

A documented Third-Party Risk Management Program oversees subcontractors and service providers, ensuring compliance with privacy and security standards.

Incident Management

A dedicated Incident Management Response Team handles security incidents with defined roles and responsibilities.

Two-Factor Authentication

Two-factor authentication is implemented for critical applications to enhance security.

Team Segregation

Development teams are segregated from production environments to maintain system integrity.

Data Use in Challenges Sponsored by Third Parties

When users participate in challenges sponsored by third-party brands, the following applies:

  • Data Collection: Data collected may include contact information (e.g., name, email) and activity data (e.g., survey responses, social media interactions).
  • Purpose: Data is used to facilitate participation, grant rewards, and—only with explicit user consent—enable direct communication from sponsoring brands.
  • User Consent: Participation is voluntary, and data sharing with brands requires explicit consent. Users retain control over their data.
  • Security Measures: Both Filtroo and sponsoring brands apply appropriate security measures to protect user data.

Media Labeling

Media protection procedures are implemented, ensuring secure handling of sensitive materials.

Business Continuity Plan (BCP)

Our Business Continuity Plan ensures service availability during extreme situations, including power outages or natural disasters, and is tested annually.

Password Security

Password security controls are deployed across application, OS, database, and network layers.

Change Management

A documented Change Management Process governs all changes to the production environment to ensure stability and security.

Asset Classification

An Asset Classification Policy maps assets to information classification policies, ensuring appropriate handling of sensitive data.

Mobile Computing Security

Policies address risks associated with mobile computing, including physical protection, access controls, cryptographic techniques, and virus protection.

Acceptable Use Policy

A documented Acceptable Use Policy outlines guidelines for using information assets securely.

Information Security Responsibilities

Roles and responsibilities for information security are defined and communicated to all employees.

Incident Response Plan

An Incident Response Plan ensures effective management of information security incidents.

Password Hashing

Passwords are hashed using SHA-512 with unique salts to ensure secure storage.

Change Control Procedures

Change control procedures are in place to manage program source code and associated items.

Contingency Planning

A documented contingency plan is reviewed and tested annually to ensure readiness in the event of system disruptions.

External File Sharing

Controls are enforced to secure external file sharing.

Facility Security

Policies document repairs and modifications to physical components related to security.

Data Backup

Data backups are performed daily and securely stored on AWS infrastructure.

Data Purging

Our Data Retention and Disposal Policy ensures secure data purging aligned with GDPR requirements.

Security Incident Reporting

Our Incident Management Framework includes processes for identifying, managing, and communicating security incidents.

Cybersecurity Policy

Defined cybersecurity policies and standards are reviewed and implemented to mitigate risks.

Scope and Application of Policies

All actions, decisions, and procedures outlined in the company’s contracts and policies, as well as the enforcement of terms and conditions, will be the exclusive responsibility of Filtroo Estonia. Filtroo Estonia is the sole entity authorized to implement and oversee all measures detailed in these documents, ensuring adherence to relevant laws and regulations. The entity in the USA will not be involved in or held accountable for any of the activities or obligations set forth in these contracts and policies.

By engaging with our services, users acknowledge and agree that Filtroo Estonia will be solely responsible for managing all aspects of their interaction with the company's services, including data management, customer support, and the application of contractual terms.