Clients have placed their trust in Me-Grow, a product developed by Markelytics, for its robust research capabilities in conducting market studies. Me-Grow offers an extensive array of features facilitating everything from data collection to insightful reporting, bolstering customer support and ensuring seamless application functionality.
A paramount concern for Me-Grow is the security of client data, adhering to stringent privacy regulations and corporate policies. This document aims to outline Me-Grow's security measures and protocols.
Personal Information refers to any information that you submit to us voluntarily and identifies you personally via it. It can be your contact information, such as your name, e-mail address, phone number, company name, company address, and other Information about yourself or your company. Personal Information can also include any additional information you’ve found on our website. It can also include Information such as navigational information, which refers to the information about your computer, IP address, referral source, geographical locations, visits to various websites, length of the visit, and pages viewed. We do not collect any other sensitive information. All the personal Information collected is not used for any other purposes except for what it is intended for, which includes logging into our platform, sending important Information regarding our product access, and troubleshooting. We do not buy, sell, or use PIs for any other business purposes. Your personal information is completely safe per international data privacy and security standards.
Data security is our foremost concern, overseen by a dedicated Security team managing Me-Grow's programs in alignment with the ISO 27001 Information Security Standard framework. The program covers the following attributes or control sets:
1. Human resource (People) SecurityAll candidates must pass a thorough background verification process conducted by the Security team to ensure that the right people are onboarded to develop Me-Grow. Additionally, the Security team consistently provides information on emerging threats and conducts phishing awareness campaigns to keep everyone updated on security trends.
The Me-Grow Product Security program has instituted the following practices:
In pursuit of bolstering product security, the Me-Grow Security team conducts a myriad of ongoing activities, including: a. Assessing internal security prior to product launches b. Regularly conducting penetration tests by third-party contractors c. Running bug identification programs d. Continuously evaluating both internal and external security e. Regularly monitoring threat models
Implementation and oversight of technology-specific software security training guarantee that all developers at Me-Grow are well-versed and updated on the latest security trends.
For its change management process, Me-Grow utilizes software like Jira to meticulously track, review, and authorize changes before transitioning the product to a staging environment and ultimately deploying it to production.
Routine penetration tests carried out by third parties and bug identification programs foster the disclosure of any vulnerabilities in Me-Grow.
To securely store credential data, Me-Grow employs industry-leading methods by adding salt to the hashing process.
In order to establish a secure foundation for both Me-Grow applications and its clientele, the cloud security program encompasses the following initiatives:
Every cloud asset must be clearly assigned an owner, a security classification, and a designated purpose.
To minimize direct access to infrastructure, networks, and production data resources, employees are required to access these resources through approval processes, robust multi-factor authentication, or by utilizing a bastion host.
Me-Grow's production environment operates within a logically isolated Virtual Private Cloud (VPC), housing all customer data and customer-facing applications. Segregation is maintained between production and non-production networks. Access within the production network is tightly controlled and limited only to authorized services via firewalls.
Me-Grow meticulously logs high-risk actions and alterations within the production network. Automation is leveraged to promptly identify and flag deviations from standardized guidelines.
To ensure the safeguarding of information across networks and their supporting information processing facilities, Me-Grow implements robust communication security measures.
Aligned with the "designed to be secure" principles, Me-Grow's Continuous Monitoring program incorporates the following practices:
Through ongoing monitoring and the cultivation of proactive and detective capabilities, Me-Grow stands ready to address vulnerabilities, incidents, and threats, taking appropriate measures to mitigate them.
Access to security logs is restricted to Me-Grow personnel, and these logs are retained for 180 days.
Me-Grow leverages industry-leading platforms to detect, mitigate, and prevent DDoS attacks.
Me-Grow consistently updates and revises its Business Continuity and Disaster Recovery plans. To ensure unparalleled resilience, Me-Grow employs a range of tools and mechanisms, including:
AWS's presence across multiple geographic regions and availability zones enables Me-Grow to maintain global resilience in the face of various failure scenarios, such as natural disasters, system failures, or malfunctions.
Me-Grow utilizes secure cloud storage to conduct routine backups of client account information and other critical data. All backup files undergo robust encryption measures and are redundantly stored across multiple availability zones.
Me-Grow leverages industry-leading platforms to detect, mitigate, and prevent DDoS attacks.
In today's interconnected business landscape, maintaining insight into the software supply chain is crucial. Me-Grow has instituted the following initiatives to uphold third-party security:
Me-Grow verifies potential third parties through security assessments during the onboarding phase.
After establishing a supplier relationship, Me-Grow conducts periodic evaluations of security and business continuity aspects with existing third parties. This program encompasses:
a. Assessing the type of access and data classification (if applicable)
b. Implementing necessary controls to safeguard data
c. Adhering to legal and regulatory requirements
Me-Grow ensures the return or deletion of data at the conclusion of a vendor relationship.
As part of its dedication to safeguarding its premises, Me-Grow prioritizes physical security within its overall security strategy. This encompasses the following:
To protect all production systems and customer data, Me-Grow relies on AWS data centers, renowned for their adherence to best practices and compliance with a wide range of standards. For further details on AWS Data Center Physical Security, refer to the AWS Security Whitepaper. https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
Me-Grow implements a thorough security program to oversee visitors, building entrances, CCTV surveillance, and overall office security. Every employee, contractor, and visitor must wear identification badges that clearly denote their roles.
Me-Grow ensures the return or deletion of data at the conclusion of a vendor relationship.
With a commitment to mitigating risk and maintaining regulatory and security compliance requirements, Me-Grow includes the following:
Me-Grow operates in accordance with relevant legal, industry, and regulatory requirements, and industry best practices.
Our platform relies on Amazon Web Services (AWS) data centers for their unparalleled scalability, security, and reliability. AWS adheres to top-tier security policies and frameworks, including SSAE 16, SOC framework, ISO 27001, and PCI DSS.
MEG is an AI-powered assistant tailored to elevate your data analysis capabilities and unlock actionable insights. MEG excels in generating key themes, concise summaries, addressing community discussions, facilitating survey creation, and analyzing survey data with precision. Powered by pre-trained, secure AI models, MEG consistently delivers optimal results.
While we are committed to maintaining the quality and reliability of insights, it's important to acknowledge that results may have limitations, inaccuracies, or inherent biases. It's essential to recognize that insights and results provided by MEG are not professionally vetted and should not serve as a standalone substitute for thorough research. Instead, MEG is designed to streamline and expedite the analysis process.
For comprehensive and reliable information, we encourage users to supplement MEG's insights with their own analysis or seek guidance from subject matter experts. Me-Grow assumes no liability for any outcomes resulting from the use of its features.
At Me-Grow, we prioritize responsible data governance. Our policy focuses on fairness, interpretability, privacy, safety, and security in all aspects of data management.
This policy applies to all Me-Grow employees, contractors, and third parties who access, interact with, or are influenced by our custom chatbot, customer data, and associated systems.