Security & Privacy Policy

Your data's security is our highest priority.

Last Updated: August 2025 | Effective: January 2023

Purpose and Scope

SidLabs Online LLP ("SidLabs") is committed to maintaining the highest standards of information security to protect the confidentiality, integrity, and availability of all data entrusted to us. This Security Policy applies to all staff, contractors, partners, applications, and services associated with SidLabs globally.

Our policies align with globally recognised security and privacy frameworks, including:

  • ISO/IEC 27001: Information Security Management Systems
  • GDPR: General Data Protection Regulation (EU)
  • HIPAA: Health Insurance Portability and Accountability Act (US)
  • CCPA: California Consumer Privacy Act (US)
  • OWASP: web application security guidance from the Open Worldwide Application Security Project

Data Collection and Use

SidLabs minimises data collection to only what is strictly necessary for delivering agreed services, improving product performance, and meeting our legal and contractual obligations. We do not sell or rent personal data to third parties.

Data Security Controls

Encryption

  • All data in transit is encrypted using TLS 1.2+.
  • All data at rest is encrypted using industry-standard AES-256.
  • Encryption keys are managed in a secure Key Management System (KMS).

Access Control

  • Role-Based Access Control (RBAC) and the Principle of Least Privilege (PoLP) are enforced across all systems.
  • Multi-Factor Authentication (MFA) is mandatory for all administrative access.

Data Confidentiality & Privacy

We process personal data in compliance with the GDPR Article 5 principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. For projects involving sensitive data (for example, protected health information), we implement HIPAA-compliant safeguards and sign client-specific Non-Disclosure Agreements (NDAs) before project initiation.

Data Retention & Deletion

Personal data is retained only as long as necessary for the purposes for which it was collected or as required by law. When the retention period expires, data is disposed of using media sanitisation methods aligned with NIST SP 800-88 (clear, purge, or destroy, as appropriate to the storage media).

Incident Response Plan

In the event of a security incident, our plan ensures rapid detection, containment, investigation, and remediation. Where notification is required by law (e.g., GDPR Art. 33), the competent supervisory authority and affected clients will be notified within 72 hours of our becoming aware of the breach.

Third-Party & Vendor Security

All third-party vendors undergo rigorous security due diligence before engagement. Contracts include strict data protection clauses, and vendor access to our systems is monitored, logged, and time-limited.

Application Security

We enforce a secure software development lifecycle (SDLC), including mandatory code reviews. High and Critical severity vulnerabilities (CVSS v3 base score ≥ 7.0) are remediated within 72 hours of confirmation. Data shared via our applications is anonymised unless user identification is contractually required.

Your Rights as a User

You have the right to access, correct, delete, or port your personal data. You may also object to certain types of processing. To exercise these rights, please contact our privacy team.

Compliance & Audits

SidLabs conducts annual internal security audits. Evidence of compliance and results from third-party audits can be made available to clients under a Non-Disclosure Agreement.

Disclaimer & Limitation of Liability

While SidLabs applies industry-leading security measures, no system is entirely immune from risk. SidLabs is not liable for breaches caused by client negligence, third-party misuse, or incidents arising from client-side integrations beyond our control.

Contact Information

For any security-related concerns or to report a suspected incident, please contact our Security Officer.

Security Officer, SidLabs Online LLP

administration@sidlabs.net
https://www.sidlabs.net