Security Policy
Introduction
This security policy is designed to protect the integrity, availability, and confidentiality of data and information related Strive Technology apps.
Adherence to Microsoft Security Guidelines
Data Protection
- All data processed by an app is stored and handled in accordance with Microsoft's stringent data handling and storage policies.
- Apps do not store any user data outside of the user's Office application (ex. Excel) and Microsoft's secure cloud infrastructure.
- All data transmissions occur over secure, encrypted connections.
- Specific apps may have additional data privacy statements which may override statements in this policy.
Data Collection and Retention
- Our apps may collect minimal data necessary for its functionality, such as user preferences, session information, and usage analytics.
- We retain data only as long as necessary for app functionality.
- Analytics data and troubleshooting data have a default data retention of 90 days.
Access Control
- Access to data within an app is controlled based on the principle of least privilege.
- Users can only access data for which they have been granted explicit permissions.
Software Security
- Apps are developed following secure coding practices to prevent common security vulnerabilities.
- Regular security checks and updates are conducted to ensure the add-in remains secure against potential threats, generally, not longer than 6 months.
Incident Response
In the event of a security incident, a response will be initiated promptly to mitigate the impact, investigate the cause, and prevent future occurrences.
User Responsibilities
Users are responsible for maintaining the security of their own Microsoft accounts, including using strong passwords and keeping their login information confidential.
Updates and Revisions
This security policy will be reviewed and updated regularly to ensure it remains effective and relevant.