Data Security Policy
Last Updated: 10 October 2024
At Capstone AI ("we", "us", or "our"), we recognize the importance of securing sensitive data and maintaining the privacy and confidentiality of the information entrusted to us by our users, employees, and partners. This Data Security Policy outlines how we protect data against unauthorized access, alteration, and destruction, and the measures we take to ensure the security of our Platform and services.
1. Purpose
The purpose of this policy is to establish clear guidelines for safeguarding data processed by Capstone AI, including personal data, business data, and other sensitive information. This policy applies to all employees, contractors, partners, and any other entities involved in the handling of data related to Capstone AI.
2. Scope
This policy applies to:
All data collected, stored, or processed by Capstone AI, including personal, business, and operational data.
All employees, contractors, and third-party service providers who have access to data handled by Capstone AI.
All digital and physical systems, devices, and infrastructures used to store and process data.
3. Data Classification
We classify data into different levels based on its sensitivity:
Public Data: Information that can be shared openly with no risk of harm (e.g., public-facing website content).
Internal Data: Information that is accessible to employees within the organization and has limited external exposure.
Sensitive Data: Includes personal, financial, and business-critical information that must be protected against unauthorized access.
Confidential Data: Highly sensitive information that could cause severe harm if disclosed, such as passwords, encryption keys, or business strategies.
4. Data Protection Measures
We implement various security measures to protect data from unauthorized access, alteration, disclosure, or destruction, including:
4.1 Data Encryption
All sensitive and confidential data is encrypted in transit (using protocols like TLS) and at rest (using AES encryption) to ensure that unauthorized parties cannot access it.
4.2 Access Control
We employ strict access controls to ensure that only authorized personnel can access sensitive or confidential data.
Role-based access: Employees are given access to data based on their role and need for that data to perform their job.
Multi-factor authentication (MFA) is required for all employees accessing sensitive systems and data.
4.3 Data Masking and Anonymization
For certain data processing operations, we may apply data masking or anonymization techniques to ensure that sensitive data is not exposed unnecessarily.
4.4 Firewalls and Intrusion Detection Systems (IDS)
Our infrastructure is protected by firewalls, IDS, and antivirus systems to prevent unauthorized access and detect any suspicious activity.
4.5 Regular Security Audits
We conduct regular security audits, vulnerability assessments, and penetration tests to identify potential weaknesses and fix them before they can be exploited.
5. Employee Training
We provide regular data security training to all employees, contractors, and partners to ensure they understand their responsibilities in safeguarding data. This includes:
Proper handling of sensitive and confidential data.
Recognizing and reporting potential security threats (e.g., phishing attacks).
Best practices for data storage, transmission, and disposal.
6. Incident Response and Data Breach Notification
We have established an Incident Response Plan to address data breaches and other security incidents promptly:
Detection: We use monitoring tools to detect potential security incidents as early as possible.
Containment: In the event of a breach, we immediately contain the threat to prevent further damage.
Investigation: We conduct a thorough investigation to determine the root cause of the incident.
Notification: If a data breach occurs that impacts user data, we will notify affected users promptly, in compliance with applicable laws (e.g., GDPR, CCPA).
7. Third-Party Services
When working with third-party vendors or service providers who handle data on our behalf, we ensure they comply with the same high standards of data security by:
Conducting due diligence to assess their data security practices.
Entering into data protection agreements to ensure compliance with privacy laws and data security standards.
Monitoring their performance and security practices regularly.
8. Data Retention and Disposal
We only retain data for as long as it is necessary to fulfill business or legal requirements. Once data is no longer needed:
It is securely deleted or anonymized.
All physical devices containing data are properly wiped, and hardware is disposed of following secure disposal protocols.
9. Data Subject Rights
Users have the right to request access to, correction of, or deletion of their personal data. We respect these rights and provide mechanisms for users to manage their data privacy preferences.
Access: You can request to access the data we have stored about you.
Correction: You can request corrections if any of your personal data is inaccurate.
Deletion: You may request the deletion of your personal data, subject to legal retention requirements.
10. Compliance with Laws and Regulations
We comply with all applicable data protection laws and regulations, including:
General Data Protection Regulation (GDPR) (EU)
California Consumer Privacy Act (CCPA) (California, USA)
Health Insurance Portability and Accountability Act (HIPAA) (if applicable)
Other relevant data protection laws and industry standards.
11. Review and Updates
We review this Data Security Policy regularly to ensure its effectiveness and make updates when necessary. The most recent version of this policy will be posted on our website.
12. Contact Us
If you have any questions or concerns about this Data Security Policy or wish to report a security incident, please contact us at:
Capstone AI
30 North, Gould Street
Sheridan, Wyoming, 82801
Email: info@capstone-ai.com
Conclusion
At Capstone AI, we are committed to protecting your data by implementing robust security measures and following best practices. We aim to ensure that your data remains secure and confidential while you interact with our platform.