Security Policy

The DBT Ai (thedbt.ai)
Contact: info@thedbt.ai
Effective Date: 1st January 2025
Version: 1.0

1. Purpose

This Security Policy defines how The DBT Ai protects the confidentiality, integrity, and availability of data processed through the thedbt.ai platform. It explains the security controls, processes, and responsibilities that support the secure delivery and operation of our services.

2. Scope

This policy applies to:

  • All infrastructure, systems, applications, and data used to deliver the thedbt.ai services.

  • All employees, contractors, and third-party partners with access to these systems or data.

  • All data processed, stored, or transmitted in connection with the thedbt.ai platform.

3. Roles and Responsibilities

  • Security Leadership: Oversees security governance, risk assessments, and policy enforcement.

  • Engineering and IT Teams: Implement, maintain, and monitor technical and organizational security controls.

  • Employees and Contractors: Must comply with this policy, participate in required security awareness training, and report incidents.

  • Third Parties and Sub-processors: Must operate under contractual obligations to meet comparable security standards.

4. Data Classification

All data handled by The DBT Ai is classified based on sensitivity:

  • Public Data: Information intended for public access.

  • Internal Data: Company operational data with limited distribution.

  • Sensitive/Personal Data: Identifiable information requiring heightened protection.

Appropriate security controls are applied based on data classification.

5. Access Control

  • Access to systems and data is granted on the principle of least privilege.

  • Unique user credentials are required; credential sharing is prohibited.

  • Where supported, multi-factor authentication is enforced.

  • Access rights are reviewed periodically and adjusted when roles change or access is no longer required.

6. Encryption and Data Protection

  • Data in transit is protected using industry-standard transport encryption.

  • Sensitive data at rest is encrypted using strong cryptographic standards.

  • Encryption key management follows secure lifecycle practices to prevent unauthorized access.

7. Infrastructure and Network Security

  • All systems are configured with secure defaults and regularly patched or updated.

  • Firewalls, network segmentation, and secure configuration standards protect infrastructure components.

  • Vulnerability scanning and penetration testing are used to identify and remediate risks.

8. Incident Response

  • The DBT Ai maintains a documented Incident Response Plan to ensure quick identification, containment, and recovery from security incidents.

  • Employees are required to report suspected security incidents immediately.

  • Incidents are logged, analyzed, and reviewed to improve future responses.

9. Monitoring and Logging

  • Security-relevant events and system logs are collected and monitored to detect unauthorized or anomalous activity.

  • Logs are retained according to internal retention schedules and protected against tampering.

10. Third-Party and Sub-processor Security

  • All third parties with access to sensitive or personal data must enter into agreements that require adherence to security practices consistent with this policy.

  • Regular reviews are performed to confirm third-party compliance.

11. Training and Awareness

  • Regular security awareness training is provided to employees and contractors.

  • Training includes phishing awareness, secure data handling, incident reporting, and other relevant topics.

12. Physical Security

  • Physical access to data centers or infrastructure that houses sensitive systems is controlled and monitored.

  • Workspaces accessible to employees follow physical security guidelines to prevent unauthorized access.

13. Compliance and Legal Requirements

  • The DBT Ai aligns its security practices with applicable laws and regulations governing data protection and security.

  • Documentation and security controls are maintained to demonstrate compliance with applicable obligations.

14. Policy Enforcement

  • Failure to comply with this policy may result in disciplinary action, up to and including termination.

  • Security controls and processes are regularly audited for effectiveness.

15. Review and Updates

  • This policy is reviewed at least annually or whenever significant changes occur in technology, threat landscape, or regulatory requirements.

  • Updates are approved by security leadership and communicated to all relevant stakeholders.
