Introduction

Our Company and Products

DutchTexan is committed to providing a robust, all-in-one platform to manage your sales, marketing, and customer relationships. We recognize the vital role our platform plays in your business operations and are dedicated to ensuring its security and compliance.

Our AI-powered platform offers numerous features essential to your success. We encourage you to leverage the full capabilities of the DutchTexan platform to achieve your business goals.

DutchTexan Security and Risk Focus

Our primary security focus is safeguarding your data. We have invested in appropriate controls to protect and service our accounts. This includes implementing dedicated corporate, product, and infrastructure security programs overseen by our Legal Team and other departments.

Our Security and Compliance Objectives

We have developed our security framework using SaaS industry best practices, with key objectives including:

Account Trust and Protection: Deliver superior products while protecting your data's privacy and confidentiality.

Availability and Continuity of Service: Ensure service availability and minimize continuity risks.

Information and Service Integrity: Ensure your information is never corrupted or altered inappropriately.

Compliance with Standards: Aim to comply with or exceed industry standard best practices.

DutchTexan Security Controls

To protect entrusted data, DutchTexan employs layers of administrative, technical, and physical security controls across our organization. Below are answers to frequently asked questions about our controls.

Infrastructure Security

Cloud Hosting Provider

DutchTexan does not host product systems or data within physical offices. We outsource hosting to leading cloud providers like Google Cloud Platform and Amazon Web Services. Our infrastructure is based in the United States, relying on Google’s and AWS’s audited security and compliance programs.

Google offers a monthly uptime of at least 99.5%. More information on their controls and compliance measures is available on their Compliance Resource Center.

AWS ensures service reliability between 99.95% and 100%, with redundancy in power, network, and HVAC services. Their business continuity and disaster recovery plans are validated in their SOC 2 Type 2 report and ISO 27001 certification. AWS compliance documentation and audit reports are available on their Cloud Compliance Page and Artifacts Portal.

Network and Perimeter

DutchTexan enforces multilayer filtering and inspection on all connections across our web application. Network access control lists prevent unauthorized access. Firewalls are configured to deny unauthorized connections. Changes to our systems are controlled by standard processes, and firewall rules are reviewed periodically.

Configuration Management

Automation enables DutchTexan to scale with account needs, and rigorous configuration management is embedded in our infrastructure processing. Our highly automated environment expands capacity as needed. Server configurations are embedded in images and configuration files. Configuration changes are managed through a controlled change pipeline. Deviations from configuration baselines are detected and reverted within a predefined timeframe.

Logging

Actions and events within the DutchTexan application are comprehensively logged and stored in a central logging solution. Security logs are retained for investigation and response. Write access to log storage is tightly controlled and limited to essential personnel.

Alerting and Monitoring

DutchTexan invests in automated monitoring and alerting to address potential issues continuously. Our infrastructure alerts engineers to anomalies, triggering automatic responses or alerts for investigation and correction. Automated triggers respond to anomalous situations with predefined actions.

Application Security

Web Application Defenses

All account content is protected by firewall and application security. Monitoring tools alert on malicious behavior. Rules align with OWASP Top 10 guidelines, and protections from DDoS attacks are incorporated.

Development and Release Management

DutchTexan employs a modern continuous delivery approach to software development. Code reviews, testing, and merge approvals precede deployment. Static and dynamic testing identify vulnerabilities. Deployment is automated, and failure rollbacks are in place. Feature changes are communicated through in-app messages or updates.

Vulnerability Management

DutchTexan employs a multi-layered approach to vulnerability management using industry-recognized tools. Vulnerability scans and penetration tests identify risks, which are assessed and mitigated accordingly.

Customer Data Protection

Data Classification

Per our Terms of Service, you are responsible for capturing appropriate information. The DutchTexan platform should not be used to store sensitive information, such as credit card numbers, unless permitted.

Tenant Separation

DutchTexan provides a multi-tenant SaaS solution with logical data separation. Authorization rules are continuously validated, and application authentication changes are logged.

Encryption

Data is encrypted in transit with TLS and at rest with AES-256 encryption. Passwords are hashed and encrypted following industry best practices.

Key Management

Encryption keys are securely managed, with TLS certificates renewed annually. At-rest encryption keys are stored in a Key Management System (KMS).

Data Backup and Disaster Recovery

System Reliability and Recovery

DutchTexan minimizes system downtime with redundancy built into services. Infrastructure is distributed across multiple availability zones.

Backup Strategy

Backups occur regularly with a seven-day retention period. Backup success is monitored, and alerts are generated for failures. Data is backed up daily to the local region.

Physical Backup Storage

DutchTexan leverages public cloud services for backup, without physical storage media.

Backup Protections

Backups are protected through access control restrictions and WORM protections.

Account Data Backup Restoration

Disaster recovery is managed by DutchTexan. Accounts can recover data within 30 days using the recycle bin. Data synchronization options are available.

Identity and Access Control

Product User Management

DutchTexan allows granular authorization rules. Accounts manage user privileges and access.

Product Login Protections

DutchTexan enforces a password policy and two-factor authentication. Administrators can require two-factor authentication for all users.

DutchTexan Employee Access to Account Data

Access to Production Infrastructure

User access to data stores and infrastructure is controlled via role-based access. Direct network connections are prohibited.

Access to Account Portals

Support and engagement staff have limited access to help accounts. Portal JITA provides temporary access for specific tasks.

Corporate Authentication and Authorization

Access to DutchTexan's network requires multifactor authentication. Password policies adhere to industry standards. Permissions are reviewed semi-annually.

Organizational and Corporate Security

Background Checks and Onboarding

DutchTexan conducts background checks and requires acknowledgment of security responsibilities.

Policy Management

DutchTexan maintains written policies and procedures, reviewed annually.

Security Awareness Training

Employees complete CyberSafety training, including phishing awareness.

Vendor Management

DutchTexan ensures vendor security and privacy controls. Sub-processors are listed in our Data Processing Agreement.

Endpoint Protection

Company laptops are centrally managed with full disk encryption. Mobile Device Management ensures compliance with policies.

Compliance

Sensitive Data Processing and Storing

Refer to our Terms of Service and Privacy Policy for data processing details. DutchTexan does not store credit card information, relying on PCI-compliant processors.

Privacy

DutchTexan does not sell personal data. Protections ensure data privacy and integrity.

Data Retention and Data Deletion

Account data is retained while active. Data deletion requests are fulfilled per privacy regulations. Logs are retained for compliance needs.

Privacy Program Management

DutchTexan's Legal Team collaborates with engineering and product teams for privacy program implementation.