Security Policy

Security Principles

Fresso Labs applies three core security principles: Confidentiality — ensuring information is accessible only to those who are authorised; Integrity — safeguarding the accuracy and completeness of information and processing methods; Availability — ensuring that authorised users have access to information and systems when required.

Technical Safeguards

Our technical security measures include: encryption of data in transit using TLS protocols; encryption of sensitive data at rest; role-based access controls and multi-factor authentication where appropriate; regular security assessments and vulnerability testing; and firewall and intrusion detection systems.

Organisational Measures

Our organisational security measures include: security awareness orientation for all personnel; role-based access controls limiting system access to what is necessary; defined procedures for handling sensitive and confidential information; and confidentiality obligations with all employees and relevant third-party service providers.

Incident Response

In the event of a data security incident, Fresso Labs has established procedures to detect, contain, investigate, and remediate the incident promptly. Affected parties and relevant regulatory authorities will be notified in accordance with applicable legal obligations under the Digital Personal Data Protection Act 2023 and other applicable law.

Third-Party Security

Where Fresso Labs engages third-party service providers who process personal or confidential data on our behalf, we conduct appropriate due diligence to ensure they maintain security standards consistent with our own, and we enter into contractual obligations to that effect.

Reporting a Security Concern

If you discover a security vulnerability or have a concern related to Fresso Labs systems or data, please report it immediately to hello@fressolabs.com. We take all security reports seriously and will respond promptly. We do not take legal action against individuals who report genuine security concerns in good faith.