The purpose of this Information Security Policy is to safeguard the confidentiality, integrity, and availability of TabEdge’s systems, data, and customer information.
This policy ensures compliance with applicable laws, regulations, and industry standards, including the Payment Card Industry Data Security Standard (PCI-DSS).
Scope
This policy applies to all TabEdge employees, contractors, third-party vendors, and any parties with access to TabEdge's information systems.
It covers all data, infrastructure, applications, and processes associated with TabEdge.
Key Information Security Principles
Protect customer and company data from unauthorized access or disclosure.
Ensure the accuracy and reliability of data and systems by implementing validation and error detection protocols.
Maintain continuous uptime for TabEdge’s services and implement disaster recovery mechanisms to minimize downtime.
Policies and Procedures
Access Control: Enforce role-based access control (RBAC) and multi-factor authentication (MFA).
Data Protection: Encrypt customer data at rest using AES-256 and in transit using TLS 1.2+.
PCI-DSS Compliance: Partner with PCI-DSS-compliant providers and undergo annual compliance audits.
Incident Management: Implement an incident response plan and report security incidents within 24 hours.
Third-Party Vendor Management: Vendors must adhere to security standards such as GDPR, CCPA, and PCI-DSS.
Training and Awareness: Employees receive annual cybersecurity training, including phishing awareness.
Roles and Responsibilities
Oversees compliance, risk assessments, and incident response.
Must adhere to security policies and report any potential vulnerabilities.
Disaster Recovery and Business Continuity
Daily backups of critical data are stored in geographically separate locations.
The disaster recovery plan ensures services are restored within 4 hours of a major disruption.
Monitoring and Logging
Security monitoring tools detect unauthorized access, malware, or anomalies in real time.
Logs are maintained for 12 months and reviewed for PCI-DSS compliance.
Policy Review
This Information Security Policy is reviewed annually or as needed to address evolving threats, regulatory updates, and business changes.