Objective

This Security and Compliance Policy (“Policy”) outlines how Intellectus Universe Pte. Ltd. (“Intellectus Universe,” “we,” “our,” “us”) manages the security and compliance of information received and processed through our website, services, and technology platform (“Platform”) at doctranslate.com. Intellectus Universe is committed to protecting the confidentiality, integrity, and availability of personal and business data in accordance with industry standards, the laws of Singapore, and best practices applicable to AI document translation.

1. Governance and Staff Responsibilities

All Intellectus Universe employees and contractors share responsibility for ensuring the security of data, electronic devices, and network resources. Security awareness is part of new employee onboarding, and all staff are periodically reminded of their data protection and confidentiality obligations.

2. Security Policies

Intellectus Universe develops and maintains baseline security policies appropriate to a startup in Singapore’s technology sector. These policies include, but are not limited to, the following:

Information Security Policy (covering data classification, asset management, and access control)

Incident Response Plan (detailing procedures in the case of a security event)

Secure Development Practices (for new features and software changes)

Data Retention and Disposal Guidelines

Policies are reviewed annually or upon any significant regulatory or operational change.

3. Data Center and Hosting Security

Our infrastructure is hosted on leading cloud service providers (including Amazon Web Services and Google Cloud), which maintain physical and IT security controls certified to international standards (such as ISO 27001, SOC-1/2/3).

All platform data is stored securely within these providers’ data centers, leveraging redundancy and availability features.

Data in transit between your browser and our servers is encrypted using HTTPS/TLS protocols.

We leverage cloud backup and recovery to minimize risks of data loss.

4. Access Control

Access to Personal Data and system resources is restricted based on the principle of least privilege:

Only authorized personnel may access production systems or sensitive information, subject to documented approval.

Authentication is required for all employee and contractor access, including strong password and (where feasible) multifactor authentication.

User accounts in the Platform are isolated; users may only access their own data or that which is specifically authorized.

5. Security Awareness, Training, and Confidentiality

All personnel receive fundamental security orientation upon joining.

Employees and contractors are required to comply with confidentiality clauses in their contracts.

Use of systems and access to production or customer data is logged and monitored by the management team.

6. Security Incident Management

Intellectus Universe has an incident response procedure to investigate, contain, and report any suspicion of unauthorized access or breach.

Security events are documented and reviewed by management.

We commit to notifying affected parties and relevant authorities (including Singapore’s PDPC) promptly in accordance with the Personal Data Protection Act (“PDPA”).

7. Backup, Business Continuity, and Disaster Recovery

Regular backup procedures are implemented using our hosting providers’ secure backup solutions.

Data can be restored by the operations team in the case of system disruption or disaster.

Business continuity and disaster recovery plans are reviewed at least annually and as operations evolve.

8. Physical Security

We use virtual (cloud-based) infrastructure, so data is not stored at our business premises. When office storage occurs, the following baseline measures apply:

Access control to the premises (locked entry and inventory logging for sensitive assets)

Secure disposal of paper documents using shredding services

9. Partners, Subprocessors, and Vendors

To deliver our services, we rely on leading cloud and AI service providers (such as Amazon Web Services, Google, and OpenAI):

All vendors must enter into agreements committing them to data confidentiality and security standards that comply with Singapore law.

We monitor these vendors’ compliance through contractual assurances and public documentation.

10. Cryptography

All transmission of data between clients and our servers is encrypted using industry-standard protocols (e.g., HTTPS/TLS).

Passwords and authentication credentials are securely hashed and stored; sensitive data is encrypted at rest where feasible through our hosting partners’ infrastructure.

Encryption algorithms and key lengths used meet industry best practices.

11. Change Management and Secure Development

All significant changes to business systems, codebase, or infrastructure are authorized, documented, and tested for security implications before being deployed to production.

New development is guided by secure coding principles, including the avoidance of hard-coded secrets and prompt remediation of known vulnerabilities.

12. Logging and Monitoring

Key system operations, including access to sensitive data and configuration changes, are logged.

Logs are retained for at least [insert retention period, e.g., 90 days] to support investigations and audits.

13. Penetration Testing and Vulnerability Management

Intellectus Universe periodically engages third parties to conduct risk assessments and penetration testing as resources allow.

Identified vulnerabilities are assessed for risk and remediated in accordance with priority and impact.

14. Legal Compliance

The privacy and security of your data is managed in accordance with applicable laws, including Singapore’s PDPA, and where appropriate, international frameworks such as GDPR.

We cooperate with regulatory authorities in Singapore and promptly address any legal or regulatory obligations regarding data security and privacy.

15. Review and Updates

This Policy is reviewed at least annually or when significant changes occur to our business, technology, or legal obligations. We reserve the right to update and amend these security practices as our company matures and as required to comply with statutory and industry obligations.

16. Contact

Questions, concerns, or incidents related to security or compliance should be reported immediately via our contact form at www.doctranslate.co/contact