Last Updated: 8/4/2023
Hero Link is owned and operated by Hero Link, LLC.
This Security Compliance Statement ("Statement") is incorporated into and made part of the Terms of Service for Hero Link, LLC ("Hero Link", "we", "us", or "our"). It outlines our commitment to maintaining the confidentiality, integrity, and availability of data through industry-standard security practices.
1. SECURITY COMMITMENT
Hero Link maintains robust security controls designed to protect customer data from unauthorized access, disclosure, alteration, and destruction. Our practices are modeled on industry-recognized standards including SOC 2, GDPR, and HIPAA (where applicable).
2. DATA ENCRYPTION
In Transit: All data transmitted to and from Hero Link services is encrypted using TLS 1.2 or higher.
At Rest: Customer data is encrypted at rest using strong encryption protocols (e.g., AES-256), including backups and stored logs.
3. ACCESS CONTROLS
Role-based access controls (RBAC) are enforced across all systems, limiting data access to only those with a need-to-know basis.
All administrative access is secured using multi-factor authentication (MFA).
Employee access is reviewed regularly and immediately revoked upon termination or role change.
4. AUDIT LOGGING AND MONITORING
Hero Link continuously monitors its infrastructure and applications for security events. Audit logs are maintained, reviewed, and stored securely for incident investigation and compliance tracking.
5. INFRASTRUCTURE SECURITY
Our infrastructure is hosted on secure, enterprise-grade cloud providers with robust physical security, redundancy, and uptime guarantees. Systems are kept up-to-date with security patches and undergo regular vulnerability assessments.
6. SECURITY REVIEWS AND PENETRATION TESTING
We conduct regular internal security reviews and engage third-party security experts to perform periodic penetration testing to identify and remediate vulnerabilities.
7. EMPLOYEE SECURITY AND TRAINING
All employees undergo background checks where permitted and receive ongoing training in data privacy, cybersecurity, and incident response protocols.
8. INCIDENT RESPONSE
In the event of a security incident, Hero Link will act in accordance with our documented incident response plan, including timely customer notifications where required by law or contract.
9. CUSTOMER RESPONSIBILITIES
Customers are responsible for securing their authentication credentials, managing user permissions within their accounts, and ensuring proper use of Hero Link’s services in accordance with security best practices.
10. CONTACT
For questions about our security practices or to report a vulnerability, please contact:
Hero Link, LLC
Email: support@herolink.com