# 🛡️ Information Security Policy

# 1. Introduction

This Information Security Policy establishes the principles, guidelines, and measures adopted by Envone SRL to guarantee the confidentiality, integrity, traceability, authenticity, and availability of the information, systems, and services provided.

Access to and use of the platform by users implies full acceptance of this policy, which Envone SRL may modify unilaterally whenever deemed necessary, with such changes communicated through the usual means.


# 2. Data Protection and Processing

  • All data is stored on secure servers, under physical and logical control, with access restricted only to authorized personnel.
  • Information is encrypted in transit using TLS/SSL protocols and at rest using robust encryption mechanisms.
  • Periodic backups are performed to prevent information loss, applying integrity controls and disaster recovery plans.
  • Envone SRL reserves the right to contract third-party services specialized in storage and security, who must comply with equivalent or superior standards.

Defensive clause: Envone SRL shall not be responsible for unauthorized access, losses, or leaks arising from external causes, force majeure, actions of third parties, user negligence, or attacks of an inevitable and unforeseeable nature.


# 3. Access Control and Authentication

  • Access to the platform requires authentication through personal and non-transferable credentials.
  • The use of strong passwords, renewed periodically, and multifactor authentication (MFA/2FA) is recommended.
  • Access is logged through secure logs to ensure traceability.
  • Envone SRL may suspend or revoke access deemed fraudulent, abusive, or contrary to current regulations.

Defensive clause: Responsibility for safeguarding credentials rests exclusively with the user. Envone SRL shall not be responsible for damages arising from the improper, negligent, or fraudulent use of such credentials.


# 4. Operational Security

  • The infrastructure has firewalls, intrusion prevention and detection systems (IDS/IPS), continuous monitoring, and periodic audits.
  • Security updates are applied regularly to mitigate known vulnerabilities.
  • Strict segregation of functions, together with role and permission controls, is implemented.
  • Business continuity and contingency plans are available for critical incidents.

Defensive clause: Envone SRL adopts reasonable measures in accordance with industry best practices, without this implying absolute guarantee against cyber threats.


# 5. Service Availability

  • Envone SRL uses its best commercial and technical efforts to maintain the continuous availability of services.
  • However, interruptions may occur due to scheduled maintenance, technical failures, updates, force majeure, or events beyond the reasonable control of Envone SRL.
  • In such cases, Envone SRL will seek to restore services as soon as possible, without this implying any obligation of compensation.

# 6. User Responsibilities

  • Maintain the confidentiality and proper safeguarding of their credentials.
  • Immediately notify Envone SRL of unauthorized access, lost passwords, or related incidents.
  • Refrain from using the platform for illegal, abusive, or fraudulent purposes, or for purposes that may affect third parties.
  • Comply with all applicable regulations regarding data protection, cybersecurity, and responsible use of digital services.

Defensive clause: The user’s failure to comply with these obligations will exempt Envone SRL from any responsibility arising from security incidents or damages to third parties.


# 7. Incident Reporting and Management

  • Users may report any incident or suspected security breach by email to security@envone.com.
  • Envone SRL undertakes to analyze, document, and adopt corrective measures within reasonable timeframes.
  • Envone SRL may notify the competent authorities in the event of serious incidents or those constituting unlawful acts.

# 8. Limitation of Liability

  • Envone SRL does not guarantee the total absence of vulnerabilities or immunity against third-party attacks.
  • Envone SRL shall not be responsible for indirect losses, lost profits, consequential damages, or damages arising from unavoidable interruptions, security incidents, or force majeure events.
  • The user acknowledges that no security measure is absolute and assumes the inherent risks of using digital services.

# 9. Validity

This policy enters into force as of its publication and will remain applicable until it is replaced by an updated version, which will be duly communicated.