We take security seriously. Below we've outlined how we approach about being enterprise-grade.
We use modern cloud architecture, programming techniques, and operational policies to stay ahead of the curve. No security plan is perfect but we take pride in making sure our customers feel like their app, users, and data is secure. We never access your personal data unless it's for support or account management. We never look at your unique app's configuration unless you've specifically given consent for us to do so. We never access your app's user data. We do, however, track this data holistically de-anonymized to improve our platform.
We conduct annual penetration testing, vulnerability scans, and policy reviews to make sure we're up to date with standards.
Service Level Terms
The Services shall be available 99%, measured monthly, excluding holidays and weekends and scheduled maintenance. If a member requests maintenance during these hours, any uptime or downtime calculation will exclude periods affected by such maintenance. Further, any downtime resulting from outages of third party connections or utilities or other reasons beyond our control will also be excluded from any such calculation.
We'll will provide Support to members via e-mail on weekdays during the hours of 9:00 am through 5:00 pm Pacific time, with the exclusion of Federal Holidays ("Support Hours"). Members may initiate a support ticket during Support Hours by emailing [email protected]. After-hours support may also be provided via email. We will use commercially reasonable efforts to respond to all support tickets within one (1) business day.
Records from our data systems including app data is completely de-identified from the individual and company before being being viewed for analytics purposes. Hatch Apps strictly does not sell any individual member data to another customer.
Responsible Disclosure Policy
Data security is a top priority for Hatch Apps, and we believe that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in Hatch Apps' service, please notify us; we will work with you to resolve the issue promptly. If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at [email protected]. We will acknowledge your email within 24 hours. Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure. Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Hatch Apps' service. Please only interact with accounts you own or for which you have explicit permission from the account holder. While researching, we’d like you to refrain from: Distributed Denial of Service (DDoS), Spamming, Social engineering, or phishing of Hatch Apps employees or contractors.
We may revise these guidelines from time to time. The most current version of the guidelines will be available here.