Data Security

Your privacy is important to us. It is our policy to respect your privacy regarding any information we may collect from you across our website and other sites we own and operate.

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we're collecting it and how it will be used.

We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we'll protect within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.

We don't share any personally identifying information publicly or with third-parties, except when required to by law.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.

Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.

At WinChilla, we are committed to providing a secure and reliable platform to help businesses grow and thrive. We implement industry-leading security measures to protect our customers' data and ensure compliance with applicable regulations.

Infrastructure Security

We utilize enterprise-grade cloud service providers to ensure the highest levels of security, availability, and performance. Our infrastructure is hosted on leading platforms such as AWS and Google Cloud, which are designed to meet rigorous security and compliance standards. These providers maintain compliance with certifications such as SOC 2, ISO 27001, and PCI-DSS.

Data Protection

We take data protection seriously and have implemented measures to safeguard sensitive information. Data is encrypted both in transit and at rest using advanced encryption protocols such as AES-256 and TLS 1.2+. Our platform adheres to industry best practices to prevent unauthorized access and data breaches.

Customer Data Protection

We follow stringent policies to ensure customer data is handled securely:

-Data Encryption: All traffic is secured in transit with Transport Layer Security (TLS) version 1.2 or 1.3, using 2,048-bit (or stronger) keys. TLS is automatically enforced for every website hosted on the platform. When data is at rest, several layers of protection are applied: platform data is encrypted with AES-256, and user passwords are salted, hashed according to industry best practices, and stored in encrypted form.

-Access Controls: Role-based access controls (RBAC) limit access to authorized personnel only.

-Backup & Disaster Recovery: Daily snapshots are taken of all production databases, retained for seven (7) days, and replicated across multiple availability zones. Restoration procedures are tested periodically to verify integrity.

-Data Segmentation: Each account is isolated through logical IDs enforced at the application and database layers.

-Data Retention Policies: Data is retained in compliance with regulatory and business requirements.

Compliance

We align with global data protection standards, including the General Data Protection Regulation (GDPR). We act as a data processor, with our infrastructure providers serving as sub-processors, ensuring compliance with data privacy requirements.

Security Measures

There are robust security measures in place to protect the platform and customer data, including:

-Employee Access Controls: Access to sensitive data is restricted based on role and responsibility.

-Security Training for Staff: Our employees undergo regular security awareness training to stay informed about best practices.

-Regular Security Assessments: We conduct periodic assessments to identify and mitigate potential vulnerabilities.

-Network & Perimeter Security: Multiple firewall and security-group layers protect every connection to our environment. By default, inbound traffic is denied unless explicitly authorised. Firewall rule-sets and ACLs are reviewed on a rolling basis, and all configuration changes undergo automated change-control workflows.

Configuration Management: All servers are provisioned from hardened, version-controlled images. If a host drifts from its baseline, automated remediation restores the approved configuration within 30 minutes.

-Application Security: Regular penetration testing and vulnerability assessments are conducted to maintain secure coding practices. Runtime protections align with the OWASP Top 10 and include managed WAF rules and DDoS mitigation at the edge.

-Logging, Alerting & Monitoring: Security-relevant events are written to a central log service with restricted write access. Automated monitors trigger alerts or self-healing actions (e.g., traffic throttling) when anomalies arise.

Customer Responsibility

While we provide a secure environment, customers play a critical role in maintaining security. We encourage customers to follow best practices, such as:

-Using strong passwords and enabling two-factor authentication.

-Limiting access to sensitive data to authorized personnel.

-Regularly reviewing account activity and security settings.

Incident Response

In the event of a security incident, we will promptly assess the situation and take appropriate actions. If a security issue is identified by our infrastructure providers, we will notify affected customers as necessary. Customers can reach out to our dedicated support team, managed by a third-party provider, for any security-related concerns.

Disclaimers

WinChilla provides platform services built on top of enterprise-grade infrastructure. While we take every measure to ensure security, we are not the direct infrastructure provider. Customers are responsible for their data management and adherence to best security practices. This document is provided for informational purposes only and does not create any contractual warranties or obligations. Security controls may evolve over time.

Continuous Improvement

We continuously review and enhance our security practices to align with evolving industry standards and regulatory requirements. For further information or inquiries, please contact our support team.