Last Updated: 01 June 2025
HolidayBuddie® is committed to maintaining a secure, resilient, and privacy-focused platform. We implement administrative, technical, and organizational safeguards designed to protect user data against unauthorized access, alteration, disclosure, or destruction. Security is embedded into our infrastructure, development processes, and operational controls.
1. Data Protection & Encryption
- All data transmissions are secured via HTTPS using SSL/TLS encryption.
- Passwords are hashed and salted using industry-recognized cryptographic standards.
- Sensitive data, including location data and private communications, is protected using encryption mechanisms in transit and, where appropriate, at rest.
2. Account Security Controls
- Strong password requirements are enforced.
- Optional Two-Factor Authentication (2FA) is available.
- Automatic session timeouts reduce unauthorized access risks.
3. Infrastructure Security
- Hosting environments are deployed within secure, access-controlled data centers.
- Network-level protections such as firewalls, traffic filtering, and intrusion detection systems are utilized.
- Anti-DDoS mitigation mechanisms are implemented where appropriate.
- Periodic vulnerability assessments and security reviews may be conducted.
4. Access Governance
- Role-Based Access Controls (RBAC) restrict internal data access to authorized personnel only.
- Administrative actions are logged and subject to internal review.
5. Privacy & Location Controls
- Users maintain control over profile visibility and shared information.
- Real-time location sharing is strictly opt-in and session-based.
- Personal data is not sold to third parties.
6. Monitoring & Incident Response
- Security monitoring tools track anomalous behavior and potential threats.
- In the event of a confirmed data breach, affected users will be notified in accordance with applicable laws.
- Incident response procedures are maintained to ensure timely containment and remediation.
7. Secure Development Practices
- Systems and dependencies are regularly reviewed and updated.
- Secure coding practices, code review procedures, and controlled deployment workflows are followed to minimize vulnerabilities.
8. User Responsibility
Security is a shared responsibility. Users are encouraged to:
- Maintain confidentiality of login credentials.
- Report suspicious activity promptly.
- Exercise caution when arranging in-person meetings.
9. Regulatory Alignment
HolidayBuddie®’s security framework is designed to align with applicable data protection regulations, including the GDPR, UK GDPR, CCPA, and India’s Digital Personal Data Protection Act (DPDPA) 2023, as applicable to user jurisdictions.
10. Reporting Security Concerns
If you identify a potential vulnerability or security concern, please contact:
- support@holidaybuddie.com
- www.holidaybuddie.com/page/security