Security Policy

Effective Date: December 15, 2024

At Sno AI Corporation ("Sno AI," "we," "us," or "our"), we are committed to protecting the security and integrity of your data. This Security Policy describes the measures we implement to safeguard your information and maintain the trust you place in us.

1. Our Security Commitment

Security is foundational to our Service. We employ industry-standard security practices and continuously evaluate and improve our security posture to protect against evolving threats.

2. Infrastructure Security

Our infrastructure is hosted on leading cloud platforms that maintain rigorous security certifications. We implement:

  • Encryption in transit (TLS 1.2+) for all data communications;
  • Encryption at rest for stored data;
  • Network segmentation and firewalls;
  • DDoS protection and mitigation;
  • Regular security patching and updates;
  • Geo-redundant data backups.

3. Application Security

We follow secure development practices including:

  • Security-focused code reviews;
  • Static and dynamic application security testing;
  • Dependency vulnerability scanning;
  • Regular penetration testing by qualified professionals;
  • Bug bounty considerations for responsible disclosure.

4. Authentication and Access Control

We implement robust authentication mechanisms:

  • Strong password requirements with secure hashing;
  • Multi-factor authentication (MFA) support;
  • OAuth 2.0 for third-party integrations;
  • Session management with automatic expiration;
  • Role-based access control (RBAC) for team features.

Internal access to production systems is restricted to authorized personnel, requires MFA, and is logged for audit purposes.

5. Data Protection

  • Personal data is encrypted at rest and in transit;
  • Access to customer data is logged and monitored;
  • Data is processed only as necessary to provide the Service;
  • We maintain data retention policies aligned with our Privacy Policy;
  • Secure data deletion procedures upon account termination.

6. Third-Party Security

We carefully evaluate the security practices of our service providers, including AI providers, cloud infrastructure, and payment processors. We require appropriate security commitments and review their compliance certifications.

7. Compliance and Standards

We are committed to achieving and maintaining relevant security certifications. Our security program is designed with the following frameworks in mind:

  • SOC 2 Type II (in progress);
  • GDPR compliance for European users;
  • CCPA compliance for California residents;
  • Industry best practices (OWASP, NIST guidelines).

8. Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 monitoring and alerting;
  • Defined escalation procedures;
  • Incident classification and prioritization;
  • Containment, eradication, and recovery procedures;
  • Post-incident analysis and improvement;
  • Notification to affected users and authorities as required by law.

In the event of a security incident affecting your data, we will notify you promptly in accordance with applicable legal requirements.

9. Employee Security

  • Background checks for employees with access to sensitive systems;
  • Security awareness training;
  • Principle of least privilege for system access;
  • Secure onboarding and offboarding procedures;
  • Confidentiality agreements.

10. Your Responsibilities

Security is a shared responsibility. We encourage you to:

  • Use a strong, unique password for your account;
  • Enable multi-factor authentication when available;
  • Keep your devices and browsers updated;
  • Be vigilant against phishing attempts;
  • Log out of shared or public devices;
  • Report any suspicious activity to us immediately.

11. Security Reporting

If you discover a security vulnerability, please report it to us responsibly at [email protected]. We appreciate the security research community and will work with you to understand and address any issues.

12. Updates to This Policy

We may update this Security Policy from time to time to reflect changes in our practices or regulatory requirements. Material changes will be communicated through the Service or by updating the Effective Date above.

13. Contact Us

If you have any questions about our security practices, please contact our security team at [email protected].

Sno AI Corporation
A Delaware Corporation