Introduction
At Divvied LLC ("we," "us," or "our"), the security of our users’ personal, financial, and transactional data is a top priority. This Security Policy outlines the technical, administrative, and procedural safeguards we have in place to protect against unauthorized access, data breaches, and cyber threats. By using Divvied’s Services, you agree to this policy and our commitment to safeguarding your information.
Scope
This policy applies to the mobile application ("App"), website ("Site"), and any related services offered by Divvied LLC. It covers all users, employees, contractors, and third-party service providers who interact with Divvied’s systems.
Security Measures
We employ industry-leading security protocols and best practices to safeguard user data. Our security measures include, but are not limited to:
Data Encryption
- Encryption in Transit: All data transmitted between users, devices, and our servers is encrypted using Transport Layer Security (TLS).
- Encryption at Rest: Sensitive data, such as personal information and payment details, is encrypted when stored in our databases.
User Authentication
- Multi-Factor Authentication (MFA): We require multi-factor authentication (MFA) to verify user identity during logins and sensitive account actions.
- Biometric Authentication: Users may log in using biometric authentication methods, such as fingerprint or facial recognition, when enabled on their devices.
Access Controls
- Role-Based Access Control (RBAC): Access to user data and system tools is limited to employees or contractors with specific roles.
- Least Privilege Principle: Staff and third-party vendors are granted the minimum access necessary to perform their roles.
Network Security
- Firewalls and Intrusion Detection: Our systems are protected by firewalls and monitored for suspicious activities.
- DDoS Protection: We employ tools to detect and mitigate Distributed Denial of Service (DDoS) attacks.
Payment Security
- PCI-DSS Compliance: We follow the Payment Card Industry Data Security Standard (PCI-DSS) to secure payment card transactions.
- Tokenization: Payment information is tokenized, ensuring sensitive card data is never stored directly on our servers.
Vulnerability Management
- Penetration Testing: We conduct regular penetration testing to identify and mitigate vulnerabilities.
- Bug Bounty Program: We work with security researchers to identify and resolve potential security vulnerabilities.
Incident Response
- Breach Detection: We continuously monitor for data breaches and suspicious activity.
- Response Plan: In the event of a security breach, we follow an incident response plan to contain, mitigate, and notify affected users promptly.
Employee and Contractor Training
- Security Awareness Training: Employees and contractors undergo security awareness training to prevent phishing, social engineering, and insider threats.
- Confidentiality Agreements: Employees and contractors sign confidentiality agreements as part of their onboarding.
Security of Payment Processing
- We integrate with third-party payment providers (e.g., CashApp, PayPal, Venmo, Google Pay, Apple Pay) to facilitate payments.
- Divvied does not store full payment details, as payment information is processed and secured directly by these third-party providers.
Data Breach Response
If a security breach occurs, Divvied will take the following actions:
- Identify and Contain: Detect and isolate affected systems to prevent further unauthorized access.
- Notify Affected Users: Notify affected users of the breach in compliance with U.S. data breach notification laws.
- Remediate and Improve: Analyze the root cause, apply patches, and strengthen security controls to prevent future incidents.
User Responsibilities
Users play a critical role in maintaining security. We encourage users to:
- Enable Two-Factor Authentication (2FA): Turn on 2FA for enhanced login security.
- Use Strong Passwords: Choose strong passwords and avoid reusing passwords from other services.
- Report Suspicious Activity: If users suspect unauthorized access, they should notify us immediately via support@divvied.app.
Compliance with Regulatory Requirements
We adhere to relevant laws and regulations to protect user data, including but not limited to:
- U.S. State and Federal Privacy Laws
- Payment Card Industry Data Security Standards (PCI-DSS)
- Anti-Money Laundering (AML) and Know Your Customer (KYC) Compliance
Changes to This Security Policy
We may update this Security Policy to reflect changes in security practices or regulatory requirements. Users will be notified of material changes through in-app notifications or email alerts. The Effective Date at the top of this policy will be updated accordingly.
Contact Us
If you have any questions or concerns about this Security Policy, please contact us at: support@divvied.app
Divvied LLC
Address: 8 The Green STE A, Dover, DE 19901, United States
Email: support@divvied.app
Effective Date: January 2025
Last Updated: January 2025