Effective: 10 November, 2015
Each person and each team using AntBuddy expects their data to be secure, confidential, and private. We, HTK Inc, understand how important this is to our customers and work to the best of our abilities to ensure all three expectations are met. Please review the information below regarding our current policies and practices, along with our Privacy Policy and Terms of Service. This is a living document and we will update it as our service evolves and industry practices change.
Security
As a company, we use the AntBuddy service for nearly all of our communication. Ensuring that the AntBuddy service remains secure is vital to protecting our own data. The security of your information is required for our success as a business. Below are some details on our security practices. The security safeguards that we use to protect your data vary based on the sensitivity of the information that we collect, process and store and the current state of technology.
Encrypted Traffic by Default, in Both Directions
AntBuddy supports TLS 1.2 for all of your messages, and uses the ECDHE_RSA Key Exchange Algorithm. We monitor the security community's output closely and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.
Secure Physical Location
Our servers are located in Viettel IDC data centers. They are the leading server provider in Vietnam. Currently, they have 4 data centers which meet Tier 3 international standards, providing services for the Government, financial institutions, and multinational companies.
Experienced Team
Even before AntBuddy, we've been putting services on the internet for a long time. We're good at it. Our engineering, quality assurance and technical operations team members are experienced and keep their skills up to date as industry best practices evolve. We’ve coded, tested and administered services running on thousands of physical servers in data centers around the world and we bring the collective wisdom that comes with many decades of secure practice to the operation of the AntBuddy service.
Security Features for Team Members & Administrators
The highest security risk to any system is usually the behavior of its users. We want to provide you with the tools you need to protect your own data. For example, we log every time your account is signed in to, noting the device used and location of the connection, and make these access logs available to you. Team administrators can review consolidated access logs for the whole team. We also make it easy for each user to remotely close all AntBuddy connections and sign out all devices authenticated with their AntBuddy credentials at any time (so if you or one of your teammates lose your phone or laptop, you don't have as much to worry about). We will continue to roll out additional features which afford you more control over the security of your own AntBuddy team. We will also be adding more options for team administrators to set internal security policies, such as establishing password strength requirements.
Availability
We understand that you rely on AntBuddy to work. We're committed to making AntBuddy a highly-available, ultra-reliable service that you can always count on. We build systems that tolerate the failure of individual computers or whole data centers, keep many copies of your data online for redundancy, practice disaster-recovery measures often, and always have staff on-call to quickly resolve unexpected incidents.
Confidentiality
We regard the information you share within your AntBuddy team as private and confidential to your team. We place strict controls over our employees’ access to internal data and are committed to ensuring that your data is never seen by anyone who should not see it. While the operation of the AntBuddy service would not be possible unless there were some technical employees with sufficient system permissions to enable them to access and control software that stores and indexes the content you add to your AntBuddy team, this team is kept purposefully small and are prohibited from using these permissions to view customer data unless it is necessary to do so. All of our employees and contractors are bound to our policies regarding customer data and we treat these issues as matters of the highest importance within our company. If, in order to diagnose a problem you are having with the service, we would need to do something that would expose your personal communications to one of our employees in a readable form, we will ask for your consent prior to taking action. Our platform will automatically generate an audit entry of any such access. There are limited circumstances when we ever share customer content without first obtaining permission. These are outlined in our Privacy Policy.