Security and Privacy at EduSynch

Last revised on January 1, 2023

Dokimi, Inc. (d.b.a EduSynch) (“Dokimi“, “EduSynch,“ “we,“ or “us“) welcomes you to and any and all applications or mobile applications offered by Dokimi, Inc (the “Site“). This Privacy Policy describes how EduSynch collects and receives information about you through the Site, Services and Content and through EduSynch`s businesses, including offline. The Privacy Policy together with the Terms and Conditions of use govern your use of the Site and EduSynch`s collection and use of your information.

At EduSynch, security is not just an afterthought—it is fundamental to our mission. Our commitment to helping our customers improve their security and compliance posture starts with our own.

1. Governance

Our Security and Privacy teams establish policies and controls, monitor compliance with those controls, and demonstrate our security and compliance to third-party auditors. These policies are based on the following foundational principles:

  • Access is limited to only those with a legitimate business need, granted based on the principle of least privilege.
  • Security controls are implemented and layered according to the principle of defense-in-depth.
  • Security controls are applied consistently across all areas of our organization.
  • The implementation of controls is iterative, maturing continuously across the dimensions of improved effectiveness, increased auditability, and decreased friction.

EduSynch is fully GDPR compliant. We do not store or save any biometric data.

2. Data Protection

At EduSynch, we take data protection seriously. Our approach includes encryption for data at rest and in transit, and stringent management of encryption keys and other secrets.

3. Product Security

We partner with industry-leading security consulting firms for regular penetration testing. All areas of the EduSynch product and infrastructure are in-scope for these assessments.

Moreover, we require vulnerability scanning at key stages of our Secure Development Lifecycle.

4. Enterprise Security

All corporate devices are centrally managed and equipped with mobile device management software and anti-malware protection. We use a risk-based approach to vendor security and secure remote access to internal resources using modern VPN platforms.

EduSynch provides comprehensive security training to all employees upon onboarding and annually through educational modules. New engineers also receive training focused on secure coding principles and practices.

We use industry-standard solutions to secure our identity and access management. Employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment.

5. Data Privacy

At EduSynch, data privacy is a first-class priority. We strive to be trustworthy stewards of all sensitive data, and we continuously evaluate updates to regulatory and emerging frameworks to evolve our program.

6. Responsible Disclosure

If you`re looking to report a security concern, please visit ourResponsible Disclosure page.