Security policy

This Security Policy ("Policy") outlines the measures and protocols implemented by Sway Taxi Limited ("Sway", "Sway Taxi", "we", "us", or "our") to protect the confidentiality, integrity, and availability of personal information collected through our website (the "Site") and mobile application (the "App"). By accessing or using our Services, you agree to the terms of this Policy.

Areas covered
Information security controls, Physical security measures, Security awareness and training, Security monitoring and incident response, Compliance and audit

1) Information security controls

  • We implement access controls to limit access to personal information to authorised individuals only. Access permissions are granted based on job roles and responsibilities, and access to sensitive information is restricted to individuals with a legitimate need to know.

  • We use encryption technologies to protect personal information during transmission over the internet and when stored on our servers. This includes using Secure Sockets Layer (SSL) encryption for data transmission and encrypting data at rest using industry-standard encryption algorithms.

  • We require strong authentication mechanisms, such as passwords or multi-factor authentication, to verify the identity of users accessing our systems. User access is granted based on the principle of least privilege, and administrative access is closely monitored and controlled.

  • We segregate personal information from other types of data to prevent unauthorised access or disclosure. Access to databases and storage systems containing personal information is restricted to authorised personnel only.

2) Physical security measures

  • We host our servers and infrastructure in secure data centres with physical security controls, such as access controls, surveillance cameras, and intrusion detection systems.

  • We implement measures to protect physical equipment, such as servers, routers, and storage devices, from theft, tampering, or damage. This includes securing equipment in locked cabinets or cages and monitoring access to server rooms.

3) Security awareness and training

  • We provide security awareness training to all employees to educate them about potential security threats, best practices for protecting personal information, and their responsibilities for safeguarding company assets.

  • We conduct regular incident response training exercises to ensure that employees are prepared to respond effectively to security incidents, such as data breaches or cyber attacks.

4) Security monitoring and incident response

  • We employ security monitoring tools and technologies to detect and respond to potential security incidents in real time. This includes monitoring network traffic, system logs, and user activity for signs of unauthorised access or malicious activity.

  • We have established incident response procedures to promptly investigate and mitigate security incidents. This includes procedures for notifying affected individuals, law enforcement authorities, and regulatory agencies as required by law.

5) Compliance and audit

  • We comply with applicable data protection laws, regulations, and industry standards governing the security and privacy of personal information, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).

  • We conduct regular internal audits and assessments of our security controls to ensure compliance with our security policies and procedures. We also undergo external audits and certifications by third-party auditors to validate our security practices.