1. Introduction
At Snitcher, we take the protection of customer data and privacy very seriously.
This Security Statement outlines how we safeguard the confidentiality, integrity, and availability of information entrusted to us.
It applies to all Snitcher products, services, and supporting infrastructure.
Security and privacy considerations are integrated into our design and operational processes.
2. Governance and Responsibility
At Snitcher, we take a structured approach to information security, guided by clear policies, processes, and accountability.
Our Security Officer works closely with Engineering experts to implement and maintain effective controls that comply with applicable laws and regulations and follow recognized IT industry best practices, including ISO 27001 and GDPR.
We regularly review and update our practices to stay ahead of emerging threats and evolving regulatory requirements.
3. Data Protection Principles
At Snitcher, we handle personal and customer data in line with applicable laws, including the EU General Data Protection Regulation (GDPR).
Our approach is guided by the following principles:
- Lawfulness, Fairness, and Transparency: Users are informed about how their data is processed.
- Purpose Limitation: Data is used only for legitimate business purposes.
- Data Minimization: We aim to collect only what is necessary.
- Storage Limitation: Data is retained only as long as required, and we are in the process of formalizing our data retention policies.
- Integrity and Confidentiality: Technical and organizational measures are applied to protect personal data.
Customers and data subjects can exercise their rights or raise security- or privacy-related questions via security@snitcher.com.
4. Infrastructure and Technical Controls
Our infrastructure runs on Amazon Web Services (AWS) in the eu-central-1 region (Frankfurt, Germany), which provides strong physical and environmental safeguards, as well as reliable redundancy and backup capabilities.
To protect our systems and data, our Security Officer and Engineering experts actively apply industry-standard measures, including:
- Encryption: Using TLS 1.3 for data in transit and AES-256 for data at rest.
- Network Protection: Firewalls, intrusion detection, and continuous monitoring.
- System Hardening and Patching: Regular updates and timely remediation of vulnerabilities.
- Backups: Automated, encrypted backups stored across multiple locations.
5. Access Control and Authentication
Access to systems and data is granted based on the principle of least privilege.
All access is role-based and regularly reviewed.
Multi-factor authentication (MFA) is being gradually implemented, starting with Google accounts.
Access events and system activities are logged where possible to support accountability.
6. Personnel and Awareness
We are building a structured security awareness program for all personnel.
Currently, updates and security-related information are shared via an internal channel.
Formal training, regular reminders, and scenario-based exercises are part of the ongoing development of the program.
7. Incident Management
Snitcher is developing a security helpdesk to register, track, and resolve security events.
A dedicated email address (security@snitcher.com) is already available, and Jira will be used for incident management once fully implemented.
Confirmed breaches involving customer data are handled in line with legal and contractual obligations, and lessons learned will be used to improve preventive measures.
8. Third-Party Management
We assess and select third-party providers based on their security and compliance practices.
All suppliers handling customer or personal data are expected to meet equivalent security and privacy requirements, which will be enforced through contractual agreements and periodic reviews as part of our ongoing vendor management process.
9. Review and Continuous Improvement
This Security Statement is reviewed regularly, at least annually or when significant changes occur in our services or infrastructure.
Updates are approved by the Security Officer and management team to ensure alignment with Snitcher’s broader compliance and governance framework.
The most recent version is always available on our website, with the date of the last update clearly indicated.
Date / Action / Name
04-10-2023 / First draft / Jerre
24-03-2024 / Review / Jerre
20-06-2024 / Review / Jerre
30-04-2025 / Review / Jerre
09-07-2025 / Review / Jerre
02-11-2025 / Review / Geert
10. Contact
For any questions, concerns, or disclosures related to security or privacy, please contact:
Security incidents: security@snitcher.com