DATA LOSS

Last Updated: November 2024

How We Prevent Data Loss

Welcome to Softify OÜ! By signing up for one of the applications created by Softify OÜ or by using any of the services offered by Softify OÜ, you are agreeing to be bound by the following conditions.

Softify OÜ provides a complete invoicing platform that enables Shopify merchants to unify their invoicing activities. Among other features, this platform includes a range of tools for merchants to create and customize various document types like invoices, packing slips, credit notes, return labels, and shipping labels. Drag & Drop designer can also be used to create any kind of document type. Any new features or tools which are added to the current Services will also be subject to this document.

Softify OÜ also provides an AI-powered personalization platform that marketers and e-commerce professionals use to deliver personalized shopping experiences across the web, and mobile without any technical knowledge. Any new features or tools which are added to the current Services will also be subject to this document.

We reserve the right, from time to time, to modify, amend or restate this document or any other terms, rules, or conditions that are published on this website or on our applications. We will take reasonable steps to attempt to notify you of such amendments but you agree that such notice is not required and waive any right to dispute any term of the Agreement due to a prior amendment and/or failure to receive adequate notice. If you do not agree to, or cannot comply with, the terms as amended, you are not authorized to use our applications. You will be deemed to have accepted the terms as amended if you continue to use our applications after any amendments are posted on our applications and/or the company website. We reserve the right to refuse to provide services or products, to anyone at any time.

These terms are a legally binding contract between you and Softify OÜ (collectively, “Softify”, "Softify Apps", "Easy Invoice+", "Easy Upsell & Cross Sell+" “we,” or “us”) regarding your use of our applications and services. Please read these terms carefully, and keep a copy of them for your reference if possible. In this Agreement, "you," "your", "merchant", "store owner", "Shopify user" and "Customer" will refer to you. If you are visiting, using, or registering for any Softify OÜ application or service on behalf of an entity or other organization, you are agreeing to these Terms for that entity or organization and representing to Softify OÜ that you have the authority to bind that entity or organization to these Terms (and, in which case, the terms "you," "your", "merchant", "store owner", "Shopify user" and "Customer" will refer to that entity or organization).

Purpose of This Policy

Softify is a subscription-based application that allows you to manage your invoicing. If you have an Softify subscription, this policy can be used as both a guideline and an overview of the management of Softify application.

Policy Detail

Softify is committed to enhancing member service through the use of many forms of e-commerce activities. We aim to make our members' daily operations easier by offering them applications and services at their fingertips.

Electronic commerce activities include Softify's website, applications, and services offered through communication channels.

Softify is committed to protecting the sensitive data of our users. We will build and update policies to protect all kinds of sensitive information that belongs to our users.

It is the practice of Softify to safeguard member data at all times. Information is protected at both the sending and receiving invoices for each Shopify transaction or displaying recommendations for existing product catalogs. To accomplish this, there are several levels of protection applied to our apps and services.

  • We use encryption to ensure that no portion of a transaction is readable except by the parties at each end of the transmission. This ensures that data can be transmitted securely without concern that another party could intercept all or part of the transaction. Encryption also makes certain that the transaction is not tampered with as it routes from point to point and data is received exactly as it was sent. Softify will use a minimum of 128b encryption. This also applies to vendors that host Softify's member data.
  • In order to ensure the security of transactions, a secure connection is established between the two parties before any data is transferred. The initiating party (the one who initiates the transaction) must prove his/her identity prior to conducting the transaction. This is typically handled with user IDs or account numbers, along with password or PIN combinations. Additionally, encryption certificates are also employed to validate the authenticity of both servers and users. System administrators control system access by assigning users different levels of access to applications and data. These access levels are determined by senior management and are specific to each job function. This ensures that access to applications and specific types of transactions are only granted as job functions require.
  • Multi-factor authentication (MFA) is a security measure that provides more than one form of authentication to verify the legitimacy of a transaction. The layered defense makes it more difficult for an unauthorized person to gain access, which helps prevent data theft and fraud.
  • Firewalls are used to protect internal systems from threats originating from the Internet. They also protect those systems when connecting to vendors' networks. Firewall operating systems and configurations will be reviewed periodically to ensure maximum protection. An audit log will be maintained tracking all attempts to access unconfigured (blocked) services. Firewalls and other access devices will be used, as needed, to limit access to sites or services that are deemed inappropriate or non-corporate in nature. Vendor-hosted solution firewalls will be reviewed prior to implementation.
  • As part of our commitment to your privacy and security, we have implemented a comprehensive network security system. This system includes a firewall that prevents outside parties from gaining unauthorized access to your protected servers. Our firewall also blocks any attempts at virus attacks through the use of network-level anti-virus software that is updated automatically on a regular basis. E-mail is scanned prior to delivery, further reducing the potential of a virus entering the network in this manner. Intra-network traffic is subject to distinct operating rules and restrictions. Through the use of firewall technology, outside parties are directed only to approved, internal resources. An example of this is web page services that allow certain types of traffic from the Internet (web page browsing) but have other types of traffic blocked (i.e. administrative tasks). This strategy dramatically reduces the risk of any party gaining unauthorized access to a protected server.
  • Softify Corporation is committed to maintaining a high level of physical security for all of our data and hardware. Sensitive data, hardware, and software are secured in the Softify data center, which is secured with a card access entry point and is monitored throughout the day by IT staff. Further access to this area of the building is limited to a small number of authorized personnel. It is Softify’s practice to change administrative passwords and immediately remove card access privileges after any change in IT staff. In addition to on-site storage of data, Softify stores overnight backups of critical systems data and replicated Storage Area Network (SAN) storage to a secure off-site location. This ensures that data is available in the event of a disaster or other critical situation.
  • All IT staff are trained and review all procedures at least annually.
  • Staff passwords, on the host data processing system, expire after 45 or 90 days. This control, along with a strict Softify policy prohibiting users from sharing or disclosing their passwords, is intended to prohibit unauthorized access to systems and data. After receiving a change in status from Human Resources or other management team members, IT staff immediately removes user access codes from appropriate systems.
  • Softify recognizes that e-commerce security issues change daily. New threats to security, safety, and accuracy appear daily and system vendors publish updates and patches regularly to eliminate the threat. To assist in the ongoing maintenance of key components of system security, Softify will engage, at a regularly scheduled interval, in consulting and audit oversight with a nationally recognized leader in the area of e-commerce security. This vendor may also provide technical assistance as new e-commerce-related features are added to the system to ensure the continued safety and security of existing systems. As a result of these efforts, Softify has implemented a comprehensive approach to maintaining the high level of security necessary for continued success in an ever-changing business environment.
  • Softify utilizes a wide range of data communication lines to ensure that information is always transferred securely and reliably. Data transmissions are secured, encrypted, and/or password protected as needed.

Identify Sensitive Data

The purpose of data loss prevention (DLP) is to identify and prevent unauthorized access, use or disclosure of sensitive data. DLP allows organizations to control what information leaves the organization and how it's used when it does. It can be used in conjunction with encryption to further protect sensitive data. The first step for DLP is to identify all the confidential, restricted, and highly restricted data across the whole application and across the three categories, i.e. for data-in-transit, in-store, and in-use. Once all this information is identified, Softify will define the scope within which the DLP Solution will function. Each data set analyzed will be considered as to whether or not leveraging the DLP product would be an efficient use of resources, whether the data is non-sensitive or whether it would be an effective tool in further securing the data.

Response Program

Softify will report any suspected or detected unauthorized individuals gaining access to member information systems to appropriate regulatory and law enforcement agencies according to Softify information security response procedures.

Compliance

Softify is committed to protecting your privacy and ensuring you have an excellent experience using our products. We take our responsibilities as a data-sensitive organization seriously and are guided by mandatory compliance standards specified by governments and industry regulators.