Security
Information Security Policy
SONAUMA is committed to protecting information assets entrusted to us by customers, users, and partners, and to continually improving our information security posture.
Basic policy
We protect information assets handled through our mobile app, IoT, and data analytics work across confidentiality, integrity, and availability. We balance prevention with timely response to security threats and vulnerabilities.
Scope
This policy applies to everyone who handles our information assets, including officers, employees, and contractors. It covers source code, design materials, customer information, devices, and data held in cloud services used for development and operations.
Organizational measures
We assign responsibility for information security, maintain policies and procedures, manage access rights, and oversee vendors. When incidents occur, we follow reporting, initial response, and recurrence-prevention procedures and notify affected parties when appropriate.
Technical measures
We apply technical controls appropriate to our scale and risk, including access control, authentication, encryption, malware protection, vulnerability management, and backups. In development and operations, we prevent unnecessary privileges and improper sharing of sensitive information.
Physical and personnel measures
We work to prevent loss or leakage of devices and media, reduce visual exposure of information in the workplace, and raise security awareness through training. Confidentiality agreements and related obligations are applied and maintained as needed.
Compliance and review
We comply with applicable laws, regulations, and contractual obligations. This policy and related procedures are reviewed periodically in light of changes to our business, risk profile, and technical environment.