StartupSpider takes cyber security and digital resilience very seriously. We understand that our users always expect our services to be available and their data to be kept secure. We work hard to manage security risks and stay ahead of possible threats by maintaining focus on the following areas:
1. Secure code development
We are committed to best practices for secure software development. Our code is developed with OWASP Top 10 in mind and reviewed with automatic tools.
2. Data encryption
We use HTTPS by default to protect information that our users transmit throughout the platform, in accordance with industry standards.
3. Availability and digital resilience
We have a high-availability solution that protects our infrastructure against Distributed Denial of Service (DDoS) attacks. Additionally, our services use a Web Application Firewall (WAF) that protects the platform from malicious activities that could compromise our data.
The Services may be unavailable for scheduled maintenance and other purposes, or because of unplanned outages or other malfunctions. We are not responsible if the Services are unavailable or if you lose any data, information or User Content for any reason.
4. Authentication
To use many of the Services, you will need to register and create an account with a username and password. You must provide us accurate and complete information and you must update your account information as needed to keep the information accurate and complete. You may not impersonate anyone else, choose a username that may offend someone, or violate any individual’s rights. If you do so, we may cancel your account. You are solely responsible for maintaining the confidentiality of your account and for all activities associated with or occurring under your account. If you suspect or discover any unauthorized use of your account, you should notify StartupSpider immediately by contacting us. To the extent permissible under applicable law, we are not responsible for any loss or damage arising from your failure to comply with the foregoing requirements or as a result of use of your account with or without your knowledge.
5. Third party security
Like many businesses, we use certain third‑parties to support the services we provide to our users. We ensure that third parties are properly assessed in line with our security, outsourcing and data residency policies and procedures and reviewed on a regular basis.
For the connected Crowdfunding platforms, we cannot take responsibility.
6. Incident and vulnerability reporting
We strive to implement high standard of cyber security and digital resilience, but incidents or vulnerabilities may occur. If you would like to report or provide feedback on any issue please contact our Information Security Director on security@StartupSpider.com. We treat any such report or feedback as high priority and will address them as soon as possible.
7. Payment security
When you make a payment using StartupSpider, we use a third-party provider.
8. Industry collaboration
We work closely with other peers and organizations that meet industry standards, to improve our cyber security and digital resilience. We often take part in security forums, conferences and private discussion groups to stay ahead of threats to our business.
9. Human resources security
StartupSpider employees receive security awareness training on an ongoing basis and are required to adhere to our information security procedures. Any incidents of non-compliance are dealt with by our Information Security Director or by the CTO, who has full access to the StartupSpider Board.